Critical Start Report: Most Organizations Struggle to Understand Their Cyber Risk

Two-thirds of organizations lack understanding of their own cyber risk, while three-quarters plan to prioritize proactive risk reduction strategies, according to a new Critical Start report.

The inaugural Cyber Risk Landscape Peer Report from the Top 250 MSSP and managed detection and response (MDR) provider shows that businesses are struggling to understand their cyber risks. The report also examines the amount of risk organizations are willing to accept, resource constraints, and key priorities for approaching cyber risk in the future.

Despite being armed with traditional threat-based security mechanics, roughly two in three organizations in the study were struck by a cyber breach in the last two years that required intervention. In addition, six in 10 security executives expressed concerns over the current misalignment between cybersecurity investments and their organization's risk reduction priorities.

Cyber Risk Findings by the Numbers

Here are more key findings from the survey:

  • 83% of organizations agree that a comprehensive cyber risk reduction strategy will yield a reduction in the likelihood of a significant cyber incident occurring.
  • 93% of organizations plan to offload specific segments of cyber risk reduction work streams or projects to security service providers within the next two years.
  • 93% of organizations expressed the belief that a holistic, evidence-based approach to cyber risk management will yield a reduction in the likelihood of a significant cyber incident occurring. This includes integrating risk assessment, protection, detection, response, and recovery into a cohesive strategy.

Final Thoughts

Randy Watkins, Critical Start chief technology officer, explained that understanding the entirety of cyber risks is a key part of modern cyber posture:

"Today, it's not just about defending against threats; it's also about acknowledging the full spectrum of potential risks and vulnerabilities as part of the cornerstone for modern business resilience. As our research highlights, organizations are starting to think more holistically about their security programs to better safeguard against breaches and disruptions. They want to better align resources and projects to the greatest risk reduction impacts."

The study comes on the heels of Critical Start’s new risk assessment service that enables organizations to proactively assess their risk posture, monitor progress, prioritize risk, and develop effective mitigation plans supported by evidence.

The risk assessment service is also a key part of Critical Start's managed cyber risk reduction (MCRR) platform, which goes beyond traditional MDR and includes identify, protect and recover capabilities.