Skybox Security released new findings from the largest cybersecurity benchmarking study of global executives. The research reveals that traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats. As a result, 27% of all executives and 40% of chief security officers (CSOs) say their organizations are not well prepared for today’s rapidly shifting threat landscape.
A tipping point
On average, organizations experienced 15% more cybersecurity incidents in 2021 than in 2020. In addition, “material breaches”— defined as “those generating a large loss, compromising many records, or having a significant impact on business operations” — jumped 24.5%.
The top four causes of the most significant breaches reported by the affected organizations were:
- Human error
- Poor maintenance/lack of cyber hygiene
- Unknown assets
“What’s notable about this list is that all of these conditions result from mistakes or manual processes inside organizations — which means they are all in principle avoidable,” said Ran Abramson, threat intelligence analyst, Skybox Research Lab. “The clear implication is that, however pernicious external threats have become, cybersecurity teams still have the power to repel them. And that’s the good news: With the right practices and tools – including automation to maximize efficiency and get the most out of limited staff – breaches can be prevented.”
Risk-based approach prevents breaches
The study surveyed executives and analyzed the cybersecurity investments, practices, and performance of 1,200 companies and public-sector organizations in 16 countries and a wide range of industries. It’s the largest cybersecurity benchmarking study with C-level decision-makers ever undertaken. The research findings uncover that conventional cybersecurity approaches are falling short, and organizations that shift to modern, risk-based strategies are more successful in preventing breaches.