Content, Content

Cyber Investments, Risk Reduction Misaligned for Organizations, New Study Suggests

Credit: Getty Images

Two-thirds (66%) of cybersecurity leaders in the U.S. are not confident in the effectiveness of their current strategies for evaluating and mitigating major cyber risks.

That's the conclusion of Critical Start, a 2023 MSSP Alert Top 40 managed detection and response (MDR) service provider, in a new study.

How Confident are Security Leaders?

Critical Start's 2023 Cyber Risk Confidence Index study for the first half of this year analyzes the confidence levels IT security leaders have in their existing approach to reducing cyber risk, and how well their current strategies align to their organization’s risk profile.

Accordingly, for top line data, 83% of IT security leaders said their company prioritizes the cost of security over the risk of a breach. In addition, 67% of organizations said they have been breached in the past two years, despite having traditional threat-based detect and respond security solutions in place. And 61% of respondents claim their organization’s cybersecurity investment and quantifiable risk reduction priorities are not fully aligned.

Randy Watkins, chief technology officer at Critical Start, explained the survey’s results:

“Considering the multitude of daunting challenges cybersecurity leaders face today, ranging from sophisticated and ever-evolving threat environments to under-staffed security teams, the lack of confidence our research revealed may be alarming but is not entirely unexpected. When we dive deeper into the data we gathered, a familiar story emerges of security professionals hungry for more resources and better alignment between their security investments and their organization’s appetite for risk.”

Threats Become More Sophisticated

Key findings from the study include:

  • The increasing sophistication of an evolving threat landscape is the most frequent challenge cybersecurity leaders face.
  • A similar level of concern is ascribed to the lack of resources at IT and cybersecurity leaders’ disposal (45%).
  • 38% of companies directly cite budgetary pressures as a problem.
  • While 90% of respondents say their organization has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
  • Only 49% of companies are running full and comprehensive cybersecurity assessments and risk evaluations more frequently than once every six months.
  • Around half (45%) of respondents view automation as the best solution to addressing cybersecurity challenges.
  • 82% of respondents expect security vendors to leverage AI technology to enhance their cyber risk capabilities in the next 12 months.

A Closer Look at Critical Start

In addition to MDR, Critical Start offers security information and event management (SIEM), endpoint detection and response (EDR) and extended detection and response (XDR) services. In April 2023, the company had generated a two-fold increase in its revenue and number of new customers in the prior 24 months.

Its channel partner program enables managed security service providers (MSSPs) and managed service providers (MSPs) and other technology providers to integrate those services into their portfolios.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.