86% of Firms Identify Unknown Cyber-Risks as Top Concern


Eighty-six percent of respondents have identified unknown organizational cyber-risks as a top concern, according to the Critical Start 2024 Cyber Risk Landscape Peer Report, published today.

The report, conducted in partnership with Censuswide, also suggests that 66% of businesses have limited insight into their cyber-risk profiles and that 65% of executives worry about the misalignment between cybersecurity investments and organizational risk reduction priorities.

These figures have remained consistent with last year’s findings, according to the firm, indicating little improvement in cyber-risk management protocols.

Additionally, 83% of cybersecurity professionals reported experiencing a cyber breach requiring attention, an increase from previous years, despite having traditional threat-based detection and response measures in place.

Cyber Expertise Challenges

The issue of cyber expertise also emerged as a significant challenge, with 50% of professionals citing a lack of expertise as a barrier to effective cyber-risk management, up from 37% last year.

Read more on cyber expertise development: Only 5% of Boards Have Cybersecurity Expertise, Despite Financial Benefits

In response to these challenges, businesses are increasingly seeking support to become more proactive in their cyber-risk management. An overwhelming 99% of respondents said they are planning to implement managed cyber risk reduction (MCRR) solutions to continuously monitor and mitigate risks.

“Embracing technology that amplifies IT and security teams’ capabilities enables them to stay ahead of threats despite budgetary constraints,” explained Chris Morales, CISO at Netenrich.

“The solution is not simply acquiring more tools or hiring more talent but a strategic shift towards a data-driven approach. This approach empowers IT and security professionals, unlocking greater value from existing investments while enhancing the work environment for security and operations teams.”

Proactive Risk Reduction

Moreover, 99% of these organizations are looking to offload segments of their cyber-risk reduction projects to security providers, reflecting an 8% increase from last year.

The trend towards proactive risk reduction, observed in Critical Start’s latest report, is becoming the new normal, the company found, with 81% of organizations prioritizing strategies to stay ahead of evolving threats. This includes continuous risk monitoring, threat intelligence integration and timely incident response.

“Like many functions in an organization, challenges are driven by the costs associated with internal and external resources. In the case of monitoring cyber-risk, the ability to automate critical but routine tasks can help reduce the workload of internal audit, risk management and IT security,” said Pathlock CEO, Piyush Pandey.

“Defining a well thought out set of workflows for managing access and monitoring access and transaction exceptions in real time can free up internal resources, reduce dependency on external resources and create a more proactive risk management program.”



Source link