Organizations talk about a good safety game but fail to deliver
Organizations prioritize strategic security programs, but lack the capabilities they need to make meaningful changes to their security posture, according to a new report.
However, 58% of respondents report the lack of a well-defined safety and risk management program and only 31% considered the development of a risk reduction program to be a top safety priority.
Only 37% believe their teams are following the right security measures and that it is easy to communicate them to business leaders and board members. About half (49%) of respondents see the development of measures focused on business objectives as one of their top priorities for the coming year.
While 13% say they have more than 75% visibility across all security tools, including on-premises and in the cloud, 69% believe they have less than 50% visibility.
“This research provides insight into the priorities of security leaders, the day-to-day challenges they face, and their ambition to support the business through change,” said Ashok Sankar, vice president of product and solutions marketing. at ReliaQuest. “Although this is positive. to see more leaders engage in strategic approaches to secure their organization, as they look to implement programs like Zero Trust – which can be a multi-year journey – it’s important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics, and processes aren’t sexy, but they’re the building blocks of a resilient security program. “
The report also highlights inefficiencies, with 31% of respondents saying their security staff spend at least three hours a day manually administering and managing tools. 57 percent of organizations have a staff member managing more than four tools, and only 17 percent have a staff member assigned to manage a single tool. Additionally, 52% agree that their team is spending too much time on data collection activities instead of threat detection and analysis.
Sankar adds, “As organizations seek to digitally transform their businesses and adapt to hybrid work, it is critical that security teams are not only aligned with goals, but also have the appropriate resources to conduct security operations. resilient security, preparing the business for the long term. Success.”
The full report is available on the ReliaQuest website.