New Study Reveals 81% of Enterprises Have an Inadequate Approach to Cyber Risk Management
Thursday, January 18th, 2024
Today, Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions and pioneer of Managed Cyber Risk Reduction (MCRR), announced the results of a commissioned study conducted by Forrester Consulting on behalf of Critical Start, which found that 81% of surveyed security and risk leaders agree their organization's cyber risk management approach is inadequate and 97% agree their organizations need to be more proactive in the way it manages cyber risk. The study highlights insights from security executives around the current state of cyber risk management in enterprise organizations and priority investments companies are making to improve security management.
"Amidst the challenges posed by the evolving threat landscape, coupled with the strains of staffing shortages and limited organizational security visibility, the effective management of cyber risk has become an increasingly formidable task," stated Randy Watkins, CTO of Critical Start. "We believe Forrester's research highlights the desire for organizations to be more proactive in the way they manage cyber risk. As demand for assistance in understanding, intelligently prioritizing, and addressing cyber risk grows, we anticipate a surge in collaborations with third-party experts like Critical Start to help."
Effective Cyber Risk Management and Reduction Requires a Holistic Vision and Strategy
Security teams are looking for ways to improve visibility of their organizational cyber risk, including areas such as asset inventory, security controls, and incident response plans. Without a clear view of risks, 39% of leaders reported being unable to connect risk reduction metrics to key business strategies and investments.
Limited organizational visibility, in addition to the constant need to address cyber threats, typically results in cybersecurity teams struggling to become more proactive with their security programs.
With 92% of respondents agreeing their organization needs a more comprehensive cyber risk approach, organizations should consider investing in offerings that combine platform and services. Platforms that provide risk assessment, controls monitoring risk prioritization capabilities paired with services to for a complete and managed way to proactively mitigate risk and improve organization visibility.
Reactive Cyber Risk Approaches are Burdening Security Teams
Seventy-seven percent of security and risk leaders are concerned security staff spend too much time responding to security incidents versus working on other important tasks. A more proactive cyber risk reduction approach also helps address risks before they become incidents, ideally allowing staff to focus on other security areas.
Third-Party Providers are for a Valuable Risk Reduction Resource
As security and risk leaders look to advance their cyber risk management capabilities, many will seek out partners to bring valuable technology, expertise, and staffing resources to help them better execute holistic risk reduction strategies.
Experienced third parties that bring the right skills and technology to offer Managed Cyber Risk Reduction and can offer customers the greatest risk reduction per dollar invested. Nearly 40% of leaders value partners for helping them stay aware of emerging threats and risks. Additionally, 51% of leaders surveyed intend to use third parties to support security training for their teams, and 45% will use third parties to increase security staffing to bring necessary expertise to the company.
For more study findings and recommendations on how security leaders can improve managing their cyber risk reduction strategies, download the full study HERE and join Critical Start's webinar on February, 7 2024.