Content, Content

It’s Time to Rethink Security Culture, Match Confidence to Capabilities, Immersive Labs Reports

Software Engineers and Developers Shortage – problems of staff searching. Vector illustration

Despite high confidence in overall cyber resilience and capabilities, a new study of nearly 320 cybersecurity training decision makers worldwide found that teams are insufficiently prepared for threats.

If They Had Been Better Prepared...

More than eight in 10 cybersecurity teams believe they could have mitigated some to all of the damage from their most significant cyber incident in the last year had they been better prepared, a new study by Immersive Labs found.

But more than 80% don’t believe, or are uncertain, their teams have the tools to respond to future attacks, Immersive said. One answer to reduce risk is to change the security culture to rely more on trained people, the study recommends.

When cyberattack prevention and damage control are both lacking, organizations may be more vulnerable than initially thought, said James Hadley, Immersive founder and chief executive:

“We’re seeing tremendous pressure on cybersecurity teams to prove their readiness for new and emerging threats… while many feel they have built sufficient cyber workforce skills and judgment to respond. Our research suggests that it’s well past time to rethink traditional training programs, effectively measure cyber capabilities, and better equip cybersecurity teams with the skills and confidence to stand up to attacks.”

Research Uncovers Security Gaps

Key findings of the research:

  • Only 17% of respondents consider their cybersecurity team to be fully staffed.
  • Nearly half of respondents admit they aren’t able to measure cyber capabilities, further eroding confidence in the organization’s preparedness.
  • 84% of respondents agree that cybersecurity teams feel increasing pressure to be prepared for the next cyberattack.
  • 72% agree the threat landscape is becoming more challenging.
  • Senior leaders should be sharing breach readiness and incident response results to a greater degree, but fewer than 60% do so today.
  • 55% agree their cybersecurity team doesn’t have the data needed to demonstrate readiness to properly respond to cyber threats.
  • 32% believe their organization has a formal strategy to ensure cyber resilience.
  • 83% of respondents think their cybersecurity team is understaffed; 94% experienced at least one talent management challenge with the cybersecurity team.
  • 64% of respondents agree that traditional cybersecurity training methods (e.g., certifications, video training courses, classroom instruction) are insufficient to ensure cyber resilience.
  • Leveraging effective people-centric approaches, such as live simulations, and progressive, career-path-aligned online training and upskilling, can bolster cybersecurity teams’ capabilities and, in turn, their organization’s cyber resilience.

To alleviate staffing shortages and a lack of in-house cyber skills Immersive recommends organizations:

  • Reevaluate hiring practices to recruit and test for high-potential hires.
  • Invest in a culture that leverages effective people-centric approaches, such as live simulations, and progressive, career-path aligned online training and upskilling, to bolster their cybersecurity teams’ capabilities and their organization’s cyber resilience.”
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.