Critical Start Research Uncovers 66% of Businesses Lack Understanding of Their Cyber Risks
August 2023 by CRITICALSTART®
Critical Start published its first-ever Cyber Risk Landscape Peer Report, which explores major concerns and challenges currently confronting cybersecurity leaders as they manage risk within their organizations. The report also examines the amount of risk organizations are willing to accept, resource constraints, and key priorities for approaching cyber risk in the future. Results of the study, conducted in partnership with research consultancy, Censuswide, reveal businesses are struggling to understand their cyber risks, with 66% of respondents indicating that they have limited visibility and insight into their cyber risk profiles, hindering their ability to prioritize investments and allocate resources effectively.
Amidst an environment of ever-evolving cyber threats, there is a strong need to progress how the industry approaches reducing cybersecurity risk to facilitate better resource allocation during a period of staffing shortages and burnout. This is evident as 67% of organizations experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. Further, 61% of security executives expressed concerns over the current misalignment between cybersecurity investments and their organization’s risk reduction priorities.
“Today, it’s not just about defending against threats; it’s also about acknowledging the full spectrum of potential risks and vulnerabilities as part of the cornerstone for modern business resilience,” said Randy Watkins, Chief Technology Officer at Critical Start. “As our research highlights, organizations are starting to think more holistically about their security programs to better safeguard against breaches and disruptions. They want to better align resources and projects to the greatest risk reduction impacts.”
Additional key findings from the Cyber Risk Landscape Peer Report include:
The cybersecurity landscape and what cyber leaders need is changing: 83% of organizations agree that a comprehensive, cyber risk reduction strategy will yield a reduction in the likelihood of a significant cyber incident occurring.
Organizations are looking to be more proactive: 74% of organizations are planning to prioritize proactive risk reduction strategies to stay ahead of the evolving threat landscape.
Cyber teams are seeking help: 93% of organizations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.
Organizations see a need for holistic cyber risk management solutions: 93% of organizations expressed the belief that a holistic, evidenced based approach to cyber risk management will yield a reduction in the likelihood of a significant cyber incident occurring. This includes integrating risk assessment, protection, detection, response, and recovery into a cohesive strategy.
The publishing of the Cyber Risk Landscape Peer Report comes on the heels of Critical Start’s recent introduction of Managed Cyber Risk Reduction (MCRR), a groundbreaking new approach to security designed to reshape the way businesses combat cyber risks. MCRR, the next evolution of MDR, provides a comprehensive managed solution to address risks, vulnerabilities, and threats. It’s built to go beyond threat-based detect and response to support organizational security programs across the five functions of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF): Identify, Protect, Detect, Respond, and Recover.