Only one/3 of companies have 24/7 safety protection, survey finds – Cyber Tech

Almost two-thirds of organizations lack 24/7 cybersecurity protection all year long as a result of staffing shortages, a Development Micro report printed Thursday revealed.

The issue seems to be only one symptom of underlying points that leaves safety departments under-resourced and drives reactive, fairly than proactive, cybersecurity spending.

“What we’re discovering is that an alarming proportion of organizations worldwide undergo from a critical disconnect between enterprise management and IT/safety management. Many boardrooms lack both the technical information or information clearly correlating cyber danger to enterprise danger,” a Development Micro spokesperson instructed SC Media.

The Development Micro examine was carried out by Sapio Analysis and included interviews with 2,600 IT leaders across the globe. Almost half of respondents – 48% – stated leaders of their group don’t think about cybersecurity to be their duty.

The examine additionally revealed disjointed solutions to the query of who ought to in the end maintain duty for cyber-related enterprise dangers, with solely 42% saying the buck ought to cease with the CEO.

Thirty-four % put the onus on the CIO, 26% on the CISO, 20% on the CFO, 16% on the COO and 14% on the CMO, with a number of selections allowed per response. Moreover, 31% stated IT groups ought to in the end be answerable for managing cybersecurity dangers.

“A scarcity of clear management on cybersecurity can have a paralyzing impact on a corporation – resulting in reactive, piecemeal and erratic choice making,” Development Micro Technical Director Bharat Mistry stated in an announcement. “Corporations want CISOs to obviously talk when it comes to enterprise danger to interact their boards.”

Enterprise battle to handle rising assault floor

Development Micro stated the outcomes of its examine are a troubling signal as cyber threats solely proceed to develop, with assault surfaces continuously increasing as organizations undertake new applied sciences and total assault volumes rising. The corporate stated it blocked 161 billion cyber threats in 2023, which is a ten% enhance from 2022.

Moreover, the Identification Theft Useful resource Middle’s 2023 Knowledge Breach Report discovered that the variety of publicly reported information breaches in america reached an all-time excessive final yr, at greater than 3,200 compromises affecting greater than 353 million folks.

Almost all the IT leaders interviewed for the Development Micro examine (96%) stated they have been involved about their assault floor, and greater than a 3rd (36%) stated they have been apprehensive they lacked a way to find, assess and mitigate high-risk areas. Moreover, 19% stated they aren’t capable of work from a single supply of reality (SSOT), which may happen when a corporation’s cyber toolkit turns into “bloated” with siloed level options.

Greater than half of respondents – 54% – stated their group’s perspective towards cyber danger was inconsistent from month to month and solely 17% strongly felt that their group’s management noticed cybersecurity as their duty.

Gaps in cybersecurity assets and technique have been indicated by different troubling statistics: solely 34% of respondents stated their organizations deliberate to observe regulatory and different frameworks akin to NIST’s Cybersecurity Framework, and simply 35% stated they’d adequate assault floor administration strategies to measure the danger of their assault floor.

“We have now carried out a number of surveys like this over the previous few years. Whereas they aren’t every an identical in content material, they do reveal vital developments. Whereas this phenomenon just isn’t quickly worsening, the numbers stay fairly daunting. We beforehand discovered that over 40% of IT leaders consider their group’s assault floor is ‘spiraling uncontrolled,’” a Development Micro spokesperson instructed SC Media.

The report famous that authorities laws, akin to america’ Safety and Alternate Fee (SEC) guidelines and the European Union’s NIS2 directive, could show essential to preserve companies and their leaders accountable for managing cybersecurity danger.

Moreover, Development Micro instructed SC Media that rising applied sciences like AI can help in mitigating challenges like staffing shortages, “whether or not it’s streamlining tedious and repetitive safety duties or utilizing machine studying to collect higher menace intelligence.”

“That being stated, organizations that don’t have a security-first tradition will be unable to benefit from these instruments, and dangers will stay elevated,” the spokesperson added.