Organizations talk a good security game but fail to deliver
Organizations are prioritizing strategic security programs but are missing the capabilities they need to make meaningful changes to their security posture according to a new report.
However, 58 percent of respondents report the lack of a well-defined security and risk management program and only 31 percent have considered developing a risk-reduction program a top security priority.
Only 37 percent believe their teams are tracking the right security metrics and that it is easy to communicate them to business executives and board members. Around half (49 percent) of respondents rate developing business goal-oriented metrics as one of their top priorities for the next year.
While 13 percent say they have more than 75 percent visibility across all security tools, including on-premises and the cloud, 69 percent believe they have less than 50 percent visibility.
“This research offers insights into the priorities of security leaders, the day-to-day struggles they face and their ambition to support the business through change," says Ashok Sankar, vice president of product and solutions marketing at ReliaQuest. "While it's positive to see more leaders engaging in strategic approaches to securing their organization, as they look to implement programs like Zero Trust -- which can be a multi-year journey -- it's important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics and process aren't sexy, but they are the building blocks of a resilient security program."
The report highlights inefficiencies too, 31 percent of respondents say their security staff spend at least three hours a day manually administering and managing tools. 57 percent of organizations have one staff member managing more than four tools, and only 17 percent have one staff member assigned to manage a single tool. In addition 52 percent agree that their team is spending too much time on data collection activities instead of threat detection and analysis.
Sankar adds, "As organizations seek to digitally transform their business and adapt to hybrid work, it's critical that security teams are not only aligned on goals, but also have the proper resources to drive resilient security operations, setting the enterprise up for long-term success."
The full report is available from the ReliaQuest site.