Lack of trust ranked as the biggest security concern by security decision-makers globally.
Kroll conducted a survey of 1,000 senior information security decision-makers based in North and South America, APAC and EMEA. Respondents were from organizations with between $50 million and $10 billion in revenue, across multiple sectors. Our goal was to understand the current state of cyber defense, the levels of organizational trust, and how true cyber maturity links to trust in helping organizations stay ahead of the curve in a constantly evolving threat landscape.
Our findings reveal a concerning inconsistency between organizations’ level of trust in their own cybersecurity status and their readiness to achieve true cyber resilience.
Key Highlights Include
Over-confidence in the Current Cyber Defense Landscape
Security decision-makers place trust and confidence in their teams and technology to protect their organizations, but many display over-confidence. Over a third (37%) of senior security decision-makers interviewed report they ‘completely trust’ that their organization is protected and can successfully defend against most/all cyber-attacks, indicating a level of over-confidence in being able to defend against all potential threats.
This echoes research conducted by Kroll in 2022, CFO Cyber Security Survey: Over-Confidence is Costly, which found CFOs also being over-confident in their companies’ ability to defend against cybersecurity incidents.
Do you trust your organization’s cybersecurity defenses to successfully defend against most/all cyberattacks? [1000], split by region, omitting some answer options
Not All Security Leaders Understand What Their Security Tools Are Protecting Against
For any organization looking to effectively defend against cyber threats, it is essential that they understand what they are protecting against and which tools to implement to protect themselves in the long term.
Most organizations are using multiple platforms for cybersecurity – with eight platforms used on average.
Interestingly, the higher the average number of platforms used, the more cybersecurity incidents the organizations have experienced.
How many cybersecurity platforms does your organization use regularly to monitor cybersecurity alerts? [1000], split by sector
Senior Leadership Have Cautious Trust in Their Cyber Defenses, but Security Teams ‘Over-Trust’
95% of security decision-makers feel that improvements are needed in the level of trust given by senior leadership.
Do you feel that the level of trust the senior leadership team has in your team to keep the business secure from threats could be improved in your organization? [1000], omitting some answer options
Humans Are Trusted More Than Technology
When it comes to specific departments, information security decision-makers have understandably significant levels of trust in information security teams (94%). When looking at the methods to prevent a cyberattack, respondents state that they trust their fellow employees’ abilities to avoid falling victim to a cyber incident (66%) above all else.
Trust in employees is ranked higher than the ability of the security team to identify and prioritize security gaps (63%), accuracy of data alerts (59%), effectiveness of cybersecurity tools and technologies (56%), and the accuracy of threat intelligence data (56%).
Which of the following do you trust the most within your organization? [1000], combination of responses ranked first, second and third, omitting some answer options
The Benefits of Trust Are Overshadowed by a Lack of It
An overwhelming majority (98%) agree there is a cost to a lack of trust in the workplace, and this cost can be far-reaching.
In general (thinking about other organizations as well as your own), what do you believe are the consequences of a lack of trust in the cyber environment? [1000], omitting some answer options