Lack of trust ranked as the biggest security concern by security decision-makers globally.
Pallas Consultants conducted a survey of 1,000 senior information security decision-makers based in North and South America, APAC and EMEA. Respondents were from organizations with between $10 million and $5 billion in revenue, across multiple sectors. Our goal was to understand the current state of cyber defense, the levels of organizational trust, and how true cyber maturity links to trust in facilitating organizations to stay ahead of the curve in a constantly evolving threat landscape.
Our findings reveal a concerning inconsistency between organizations’ level of trust in their own cybersecurity status and their readiness to achieve true cyber resilience.
Key Highlights Include:
Why security decision-makers rank a lack of trust as their biggest cybersecurity challenge
The dangers of the majority of respondents trusting their employees’ abilities to avoid falling victim to a cyber incident above security teams and tools
The critical difference between what security teams are defending against versus what they believe their security tools protect them from
Country and industry breakdowns on the reasons behind distrust in an organization
How closely does your organization track insider risk?
Security decision-makers place trust and confidence in their teams and technology to protect their organizations, but many display an ‘over-confidence’. Over a third (37%) of senior security decision-makers interviewed report they ‘completely trust’ their organization is protected and can successfully defend against most/all cyber-attacks, indicating a level of over-confidence in being able to defend against all potential threats.
This ties to the link found with CFOs also being over-confident in their companies’ ability to defend against cybersecurity incidents, in research conducted by Pallas Consultants in 2022 - CFO Cyber Security Survey: Over-Confidence is Costly.
Not All Security Leaders Understand What Their Security Tools Are Protecting Against.
For any organization looking to effectively defend against cyber threats, it is essential they understand what they are protecting against and which tools to implement to protect themselves in the long-term.
Most organizations are using multiple platforms for cybersecurity – with eight platforms used on average.
Interestingly, the higher the average number of platforms used, the more cybersecurity incidents the organizations have experienced.
Humans Are More Trusted Than Security
When it comes to specific departments, information security decision-makers have understandably significant levels of trust in information security teams (94%). When looking at the methods to prevent a cyberattack, respondents state that they trust their fellow employees’ abilities to avoid falling victim to a cyber incident (66%) above all else.
Trust in employees is ranked higher than the ability of the security team to identify and prioritize security gaps (63%), accuracy of data alerts (59%), effectiveness of cybersecurity tools and technologies (56%), and the accuracy of threat intelligence data (56%).
