Wed, Jun 14, 2023
New York – Kroll, the leading independent provider of global risk and financial advisory solutions, has released its 2023 State of Cyber Defense Report: The False-Positive of Trust, which explores the balance between trust and cyber maturity. The findings reveal that 37% of senior security decision-makers “completely” trust that their organization is protected and can successfully defend against all cyberattacks, despite organizations experiencing an average of five major security incidents in the last year. Further, despite organizations deploying on average eight cybersecurity platforms, the higher the average number of platforms installed, the more cybersecurity incidents organizations have experienced.
The correlation between the number of security tools and the number of security incidents suggests that trusting security tools alone is misguided, and security teams may not fully understand the threats they face. Further, despite the number of security tools deployed, only 24% have a managed detection and response (MDR) or managed security service provider (MSSP) solution. This confirms that having multiple security tools on a network does not guarantee protection, and without a partner that routinely manages and updates the security monitoring solutions, which is what an MDR provider would do, organizations are more vulnerable to threats.
The 2023 State of Cyber Defense Report: The False-Positive of Trust surveyed 1,000 senior IT security decision-makers in Q1 2023 at firms with $50 million (mn) to $10 billion (bn) in revenue. The survey was carried out by an independent specialist in market research, Vanson Bourne, and all respondents had some responsibility or knowledge of cybersecurity within their organization. Respondents were from the U.S., the UK, Ireland, Spain, Italy, Singapore, Hong Kong, Japan and Brazil. The survey and report look to understand the levels of organizational trust and how that can have wide-ranging impacts on effectively dealing with cybersecurity challenges.
Pierson Clair, Managing Director of Cyber Risk at Kroll, commented: “To navigate the current threat landscape, trust is imperative. There needs to be trust in teams, trust in technology and its configuration, in intelligence sources, and with suppliers. However, there is a critical balance to be made on how much and where that trust should be placed. Further, there is a frequent overestimation in the capabilities of security tools without continued managed response. Of course, this is understandable considering the sheer volume of data that security teams deal with and the number of cyber incidents businesses tackle daily. Security teams want solutions that will fix today’s problems, without appreciating the fact that there is no ‘one-and-done’ solution for an ever-changing landscape.”
Key global findings from Kroll’s 2023 State of Cyber Defense: The False-Positive of Trust include:
Jason Smolanoff, President of Cyber Risk at Kroll, said: “To move beyond unsafe assumptions about their cybersecurity and become fully cyber resilient, organizations need to keep up to date on evolving cyber threats, gain in-depth understanding of what their security tools can defend against and maximize tooling in response. Organizations can achieve this by working with a trusted external partner to gain an independent and accurate perspective on their security status. Specialist support will provide the critical viewpoint needed to help businesses avoid internal security siloes and enhance their knowledge with constantly-updated threat insight.”
To download the 2023 State of Cyber Defense: The False-Positive of Trust report, click here.
About Kroll
As the leading independent provider of risk and financial advisory solutions, Kroll leverages our unique insights, data and technology to help clients stay ahead of complex demands. Kroll’s team of more than 6,500 professionals worldwide continues the firm’s nearly 100-year history of trusted expertise spanning risk, governance, transactions and valuation. Our advanced solutions and intelligence provide clients the foresight they need to create an enduring competitive advantage. At Kroll, our values define who we are and how we partner with clients and communities. Learn more at Kroll.com.
For more information, contact:
Devonne Cusi
+1 212 450 8199
Savannah O’Hare
+34 711 02 32 81