Tue, Sep 26, 2023

Kroll Launches Detection and Response Maturity Model and Finds 91% of Businesses Overestimate Their Cyber Maturity, Increasing Their Vulnerability to Cyberattacks

New York – Kroll, the leading independent provider of global risk and financial advisory solutions, has released The State of Cyber Defense Report 2023: Detection and Response Maturity Model, which discovered that 91% of cybersecurity professionals believe that their cyber detection and response processes are “very mature” or “somewhat mature,” yet, in fact, only 4% have mature processes in place. The model places organizations into three different stages of their cyber detection and response maturity journey; the three categories are Novice, Explorer and Trailblazer which reflect a low, medium and high level of maturity, respectively. The model illustrates that of those surveyed, 23% of businesses are Novices, 73% are Explorers and 4% are Trailblazers.

In the last year, businesses experienced an average of five major security incidents that resulted in data compromise or financial impact. Kroll’s model identified that Trailblazer organizations experience 30% fewer security incidents. Further, 23% of Trailblazer organizations did not experience a single significant data breach in the last year. This combined with the high cost of a data breach demonstrates that high cyber maturity could save businesses millions of dollars a year.

When looking at the behavior of businesses within each group, a perception problem is made evident. Indeed, 43% of those placed in the Novice group feel that their detection and response measures are very mature with no improvement required. Further, organizations in the Trailblazer group are less likely to report that they are very mature (13%) compared to Explorer or Novice organizations. This would indicate that those in the Trailblazer group have a greater awareness of what it means to be cyber mature.

Scott Hanson, Head of Global Security Operations, Cyber Risk, Kroll, commented: “Our research findings illustrate a concerning gap between how businesses perceive their level of cyber maturity and their capabilities in practice. It’s clear that building long-term cyber resilience is more challenging than expected. While ‘Novice’ organizations often become complacent with only basic security monitoring in place, ‘Trailblazer’ organizations are more likely to self-assess as ‘not very’ cyber mature. It would appear that a healthy dose of ‘cyber cynicism’ (or simple humility) is a distinct advantage for organizations seeking to maintain their cyber resilience.

“Being willing to question established ‘bare minimum’ approaches and invest in solutions with the support of proven security partners is key. Businesses need the right technologies in place so that they can see the true scope of the threats they face, paired with robust detection and response expertise such as an experienced MDR provider. With the right tools, partnerships, and a keen sense of self-awareness, organizations are on the path towards true cyber maturity.”

Key global findings from The State of Cyber Defense 2023: Detection and Response Maturity Model include:

  • The Perception Problem: 91% of cybersecurity professionals self-reported that their cybersecurity practices were “very mature” or “somewhat mature”. However, the analysis shows that only 4% of businesses have mature detection and response practices in place.
  • Trailblazers Can Expect Fewer Significant Data Breaches: 23% of organizations in the Trailblazer group did not experience a single significant data breach that resulted in data loss or financial impact in the last year. This is notably higher than those in the Explorer (4%) and Novice groups (2%). Considering the cost of a data breach, there are considerable financial incentives to becoming a Trailblazer.
  • Insurance is a Mature Option: Over half (51%) of Trailblazer organizations have cyber insurance, compared to 7% for organizations in the Novice group.
  • Outsourcing is Key: Almost eight in 10 (79%) organizations in the Trailblazer group outsource part of their cybersecurity services. This is notably greater than those in the Explorer (52%) or Novice (34%) groups.
  • Only the Basics Are Being Covered: Worryingly, a fifth of organizations (20%) only have the basics—cybersecurity monitoring—in place. Further, only 3% of organizations have all the recommended detection and response elements in their cybersecurity program. These include crisis management, threat intelligent enrichment, detection engineering and recovery capabilities.
  • The Differences in Trust Between Novice and Trailblazer: Security teams generally trust employees to avoid falling victim to a cyberattack (66%) above accuracy of cybersecurity alerts and the effectiveness of tools. However, when looking at the data through the lens of cyber maturity, Trailblazers trust their employees to avoid a cyberattack the least (54%) and the effectiveness of cybersecurity tools is trusted the most (69%).

The State of Cyber Defense Report 2023: Detection and Response Maturity Model analyzed data from a survey of 1,000 senior IT security decision-makers in Q1 2023 at firms with $50 million (mn) to $10 billion (bn) in revenue. The survey was carried out by an independent specialist in market research, Vanson Bourne, and all respondents had some responsibility or knowledge of cybersecurity within their organization. Respondents were from the U.S., the UK, Ireland, Spain, Italy, Singapore, Hong Kong, Japan and Brazil.

Explore The State of Cyber Defense 2023: Detection and Response Maturity Model and see the interactive model on the Kroll website with data split by revenue, industry and region.

About Kroll
As the leading independent provider of risk and financial advisory solutions, Kroll leverages our unique insights, data and technology to help clients stay ahead of complex demands. Kroll’s team of more than 6,500 professionals worldwide continues the firm’s nearly 100-year history of trusted expertise spanning risk, governance, transactions and valuation. Our advanced solutions and intelligence provide clients the foresight they need to create an enduring competitive advantage. At Kroll, our values define who we are and how we partner with clients and communities. Learn more at Kroll.com.

For More Information Contact

Devonne Cusi
+1 212 450 8199
[email protected]

Savannah O’Hare
+34 711 02 32 81
Savannah.o’[email protected]

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Red Team Security Services

Red team security services from Kroll go beyond traditional penetration testing, leveraging our frontline threat intelligence and the adversarial mindset used by threat actors to push the limits of your information security controls.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.

Cyber Threat Intelligence

Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.