Cyber
Data Breach Outlook: Finance Surpasses Healthcare as Most Breached Industry in 2023
February 7, 2024
by David White
Lack of trust ranked as the biggest security concern by security decision-makers globally.
Kroll conducted a survey of 1,000 senior information security decision-makers based in North and South America, APAC and EMEA. Respondents were from organizations with between $50 million and $10 billion in revenue, across multiple sectors. Our goal was to understand the current state of cyber defense, the levels of organizational trust, and how true cyber maturity links to trust in facilitating organizations to stay ahead of the curve in a constantly evolving threat landscape.
Our findings reveal a concerning inconsistency between organizations’ level of trust in their own cybersecurity status and their readiness to achieve true cyber resilience.
Key Highlights Include |
|---|
|
Over-confidence in the Current Cyber Defense Landscape
Do you trust your organization’s cybersecurity defenses to successfully defend against most/all cyberattacks? [1000], split by region, omitting some answer options
Over-confidence in the Current Cyber Defense Landscape
Security decision-makers place trust and confidence in their teams and technology to protect their organizations, but many display an ‘over-confidence’. Over a third (37%) of senior security decision-makers interviewed report they ‘completely trust’ their organization is protected and can successfully defend against most/all cyber-attacks, indicating a level of over-confidence in being able to defend against all potential threats.
This ties to the link found with CFOs also being over-confident in their companies’ ability to defend against cybersecurity incidents, in research conducted by Kroll in 2022 - CFO Cyber Security Survey: Over-Confidence is Costly.
Not All Security Leaders Understand What Their Security Tools Are Protecting Against
How many cybersecurity platforms does your organization use regularly to monitor cybersecurity alerts? [1000], split by sector
Not All Security Leaders Understand What Their Security Tools Are Protecting Against
For any organization looking to effectively defend against cyber threats, it is essential they understand what they are protecting against and which tools to implement to protect themselves in the long-term.
Most organizations are using multiple platforms for cybersecurity – with eight platforms used on average.
Interestingly, the higher the average number of platforms used, the more cybersecurity incidents the organizations have experienced.
Senior Leadership Have Cautious Trust in Their Cyber Defenses, but Security Teams ‘Over-Trust’
Do you feel that the level of trust the senior leadership team has in your team to keep the business secure from threats could be improved in your organization? [1000], omitting some answer options
Senior Leadership Have Cautious Trust in Their Cyber Defenses, but Security Teams ‘Over-Trust’
95% of security decision-makers feel that improvements are needed in the level trust given by senior leadership.
Humans Are Trusted More Than Technology
Which of the following do you trust the most within your organization? [1000], combination of responses ranked first, second and third, omitting some answer options
Humans Are Trusted More Than Technology
When it comes to specific departments, information security decision-makers have understandably significant levels of trust in information security teams (94%). When looking at the methods to prevent a cyberattack, respondents state that they trust their fellow employees’ abilities to avoid falling victim to a cyber incident (66%) above all else.
Trust in employees is ranked higher than the ability of the security team to identify and prioritize security gaps (63%), accuracy of data alerts (59%), effectiveness of cybersecurity tools and technologies (56%), and the accuracy of threat intelligence data (56%).
The Benefits of Trust Are Overshadowed by a Lack of It
In general (thinking about other organizations as well as your own), what do you believe are the consequences of a lack of trust in the cyber environment? [1000], omitting some answer options
The Benefits of Trust Are Overshadowed by a Lack of It
An overwhelming majority (98%) agree there is a cost to a lack of trust in the workplace, and this cost can be far-reaching.
Much, Much More Inside
Download the Report
Much, Much More Inside
The full report also covers:
-
What do information security decision-makers view as effective ways to build trust?
-
What are seen as the key limiting factors to achieving cyber resilience?
-
How do organizations leverage outsourcing and MDR?
-
What is perceived as the most frequent cause of loss of trust?
For access to the full results, complete the form to download the report.
Cyber Risk
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Virtual CISO (vCISO) Advisory Services
Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Cloud Security Services
Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivalled incident expertise.
Ransomware Preparedness Assessment
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
Explore Insights
Cyber
Managed Detection and Response
The State of Cyber Defense 2023: Detection and Response Maturity Model
September 26, 2023
Cyber
CACTUS Ransomware: Prickly New Variant Evades Detection
May 10, 2023
by Laurie Iacono, Stephen Green, Dave Truman
Managed Detection and Response
Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them)
April 24, 2023
by Rafael De Lima, Michael Cowley
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.