Threat Intelligence
Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations
August 23, 2023
by George Glass, Laurie Iacono, Keith Wojcieszek
Tue, Sep 26, 2023
The State of Cyber Defense 2023: Detection and Response Maturity Model
The Detection and Response Maturity Model analyzed 1,000+ cybersecurity programs for organizations worldwide to identify their maturity.
Download the ReportThe Kroll Detection and Response Maturity Model highlights the gap between organizations’ perceptions of their detection maturity status and their actual cybersecurity practices.
Kroll’s Detection and Response Maturity Model (“Model”) provides a structured framework for understanding how key detection and response components contribute to an organization’s overall maturity, considering capabilities, resources, insurance and overall preparedness. The Model highlighted a significant ROI for mature organizations, as well as considerable discrepancies between perceived and actual maturity.
View the Interactive Detection and Response Maturity Curve
Use the interactive model below to explore how revenue, region and key industries fall within the maturity curve:
Developing the Detection and Response Maturity Curve
A hallmark of a mature cybersecurity program is the ability to rapidly and accurately detect a threat and confidently respond to it in a manner that minimizes its potential impact. However, believing you are cyber mature and actually being cyber mature is very different.
To find the right answer, we leveraged data uncovered in our The State of Cyber Defense 2023: The False-Positive of Trust, which included answers from 1,000 global security decision-makers. Layering those responses with Kroll’s frontline threat intelligence, we examined the perceptions and realities of threat detection and response in today’s landscape to develop the Model. This Model will help security leaders benchmark their programs, prioritize investments and increase resilience.
Our framework established three categories: Novice, Explorer and Trailblazer. Novices have low cyber maturity, Explorers showed average maturity and Trailblazers demonstrated the highest maturity.
Novice | Explorer | Trailblazer |
|---|---|---|
They are likely to be using simpler collection and monitoring tools to detect cyberattacks and may not have any actions for responding to high-severity threats or use threat monitoring and investigation as their only defenses. They only have a few elements in their cybersecurity program. | They may have access to limited threat intelligence and can create some custom use cases/rules to alert them of known cyberattacks and use multiple tools to detect high-severity threats. They have multiple elements in their cybersecurity program. | They are likely leveraging various sources of threat intelligence to continuously improve detection rules, proactively hunt for unknown behavior to detect cyberattacks, or some may be able detect threats in real-time. They have many actions to respond to high-severity threats, including remediation and digital forensics. They are likely to have a large toolkit in their cybersecurity program. |
The Gap Between Perception and Reality Reveals Intrinsic Challenges
Figure 2
The Gap Between Perception and Reality Reveals Intrinsic Challenges
As demonstrated in figure 2, there is a considerable difference between businesses that think they are cyber mature compared to those that are actually cyber mature.
Organizations in the Trailblazer group are less likely to report that they are “very mature” (13%) compared to Explorer or Novice organizations. Furthermore, 43% of those placed in the Novice group feel that their detection and response measures are very mature with no improvement required. Such stance by security leadership would represent a significant blocker ahead of potential improvements to cyber resilience and the overall ROI of security investments.
Detection and Response Maturity Delivers ROI
The number of security incidents is significantly lower for Trailblazer organizations, compared with the other two groups (figure 3). This, combined with the high cost of a data breach, demonstrates that moving from Novice or Explorer level to Trailblazer status could save organizations millions of dollars a year (figure 4).
Figure 3
Figure 4
Organizations Are Missing Key Threat Detection and Response Capabilities - and Suffering the Consequences
Figure 5
Organizations Are Missing Key Threat Detection and Response Capabilities - and Suffering the Consequences
A robust detection and response strategy is comprised of the following elements listed from most basic to most advanced.
Just 3% of organizations’ cybersecurity programs include all the threat detection and response elements required to support full maturity. Worryingly, 20% of organizations only have the basic cybersecurity monitoring with no further processes in place.
Added to this, businesses who self-reported as having a high level of cyber maturity are also more likely to only have cybersecurity monitoring in place. This further illustrates the disparity between what business think is true cyber maturity and actual cyber maturity.
Threat Detection Capabilities Highlight Big Opportunity for Improvement
Figure 6
Threat Detection Capabilities Highlight Big Opportunity for Improvement
When looking at how organizations detect cyberattacks, most organizations are only taking what we’d deem the “least mature” actions, so there is evidently room for improvement.
As the number of zero-day and critical vulnerabilities being exploited grows significantly and attackers rapidly adapt tactics to circumvent basic controls, the low maturity in threat detection highlights the urgent need for more robust detection engineering. Merging threat intelligence with real-life incident investigations can provide a considerable boost to detection capabilities, as demonstrated in our detection-as-code webinar.
Trailblazers Trust Security Tools the Most, but Humans Are Key to Avoiding Threats
Figure 7
Trailblazers Trust Security Tools the Most, but Humans Are Key to Avoiding Threats
Our report The State of Cyber Defense 2023: The False-Positive of Trust revealed that security teams generally trust employees to avoid falling victim to a cyberattack (66%) above the accuracy of cybersecurity alerts and the effectiveness of security tools. However, when looking at the data through the lens of cyber maturity, the statistics are flipped.
For Trailblazers, employees are trusted the least (54%) and the effectiveness of cybersecurity tools is trusted the most (69%).
Much, Much More In the Report
Download the Report
Much, Much More In the Report
The full report covers:
- How to overcome challenges stemming from discrepancies between perceived and actual maturity
- The ROI of detection and response maturity
- The threat detection and response capabilities missing from many organizations’ strategies (including cyber insurance)
For access to the full results, complete the form to download the report.
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Red Team Security Services
Red team security services from Kroll go beyond traditional penetration testing, leveraging our frontline threat intelligence and the adversarial mindset used by threat actors to push the limits of your information security controls.
Ransomware Preparedness Assessment
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
Cyber Threat Intelligence
Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.
Explore Insights
Threat Intelligence
Managed Detection and Response
2023 State of Cyber Defense: The False-Positive of Trust
June 14, 2023
Managed Detection and Response
Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them)
April 24, 2023
by Rafael De Lima, Michael Cowley
Managed Detection and Response
Managed Detection and Response (MDR) Buyer’s Guide
October 31, 2022
by Marc Brawner, Mark Nicholls
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.