Critical Start published its second annual Critical Start Cyber Risk Landscape Peer Report, which examines why cyber risk mitigation continues to be a challenge for organizations. The study, conducted in partnership with research consultancy Censuswide, uncovered that 86% of respondents believe unknown organizational cyber risks are currently a top concern. This is an increase of 17% compared to last year, signifying a need to advance proactive cyber risk management practices in addition to threat-based detection and response within security programs.
Today's increasingly complex and pervasive cyber threat landscape requires businesses to implement more robust and proactive cybersecurity measures, yet concern around lack of company alignment and visibility persist. Critical Start's report found that 66% of businesses report limited visibility and insight into their cyber risk profiles, and 65% of executives expressed concerns over misalignment between cybersecurity investments and the organization's risk reduction priorities. These findings are comparable to last year's, 66% and 61% respectively, indicating that organization's cyber risk management protocols haven't improved.
"Threat detection and response is essential for organizations, as this represents the final line of defense before attacks escalate into significant breaches or cause major business disruption", says Randy Watkins, Chief Technology Officer at Critical Start. "Based on our research, 99.4% of cyber leaders want to combine proactive security elements into their detect and response capabilities. By incorporating capabilities such as finding hidden assets, endpoint coverage gaps, and failed log ingestion, organizations can improve security operations outcomes.
The Cyber Risk Landscape Peer Report also found:
- Cyber attacks are not slowing down: 83% of cybersecurity professionals reported experiencing a cyber breach requiring attention, despite having traditional threat-based detect and respond security measures, a significant increase from previous years.
- Cyber expertise is a growing issue: In 2023 we reported that 37% of cybersecurity professionals cited a lack of expertise as a challenge faced in effective cyber risk management. This year, that number increased to 50%.
- Businesses seeking support to become more proactive: 99% of respondents say they plan to implement a managed cyber risk reduction (MCRR) solution to continuously monitor and mitigate cyber risks. 99% of these same organizations are planning to offload segments of cyber risk reduction projects to security providers, which is an increase of 8% compared to 2023.
- Proactive risk reduction, the new normal: The report found that 81% of organizations are planning to prioritize proactive risk reduction strategies to stay ahead of the evolving threat landscape. This includes continuous risk monitoring, threat intelligence integration, and timely incident response.
Critical Start's report highlights the need for businesses to advance proactive cybersecurity strategies. By leveraging MDR services that integrate proactive security measures, organizations can significantly reduce their cyber risk and enhance their overall security posture. Investment in cybersecurity technology, coupled with the invaluable expertise of human analysts, is essential for navigating the complex and dynamic cyber threat landscape.
For more report findings and recommendations on implementing a proactive cyber risk mitigation strategy, download the full Cyber Risk Landscape Peer Report here.
