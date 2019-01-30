|
|[November 14, 2018]
|
New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years
eSentire,
Inc., the largest pure-play Managed
Detection and Response (MDR) provider, today unveiled Cybersecurity
FutureWatch 2018, a new research report that explores security evolution
and maturity amid emerging technology adoption and evolving business
needs. The report, which is based on a survey of more than 1,250 senior
executives, management and security practitioners in the U.S., U.K. and
Canada, found that only 30 percent of respondents are confident their
business will avoid a major security event in the coming two years and
60 percent believe an attack will hit in the next few years.
In terms of cyberattack preparedness in global organizations, the
research also uncovered gaps between the C-suite, board and technical
leaders. Among CEO and board members surveyed, 77 percent are optimistic
in their firm's ability to cope with a breach. This is in stark contrast
to technical leaders on the front lines, who are approximately 20
percent more likely to predict an attack. While confidence appeared high
on the surface, it waned significantly when respondents were asked in
detail about their firm's preparedness: only about a third (33 percent)
are confident that high-value assets and data are adequately protected
and even fewer are confident their security teams have access to the
appropriate resources (30 percent) or that they are spending adequately
on security (29 percent).
Other key findings from the report include:
-
AI and IoT Will Overtake Cloud as Biggest Emerging Technology Risk
- While the majority of organizations actively adopt emerging
technologies, with cloud leading the charge (72 percent), the overall
risk posed by cloud over the next three years drops by nearly 20
percent. The risks posed by the adoption of artificial intelligence
doubles over the next three years and IoT/IIoT risks also rise nearly
30 percent.
-
Compliance No Longer Considered the Top Consequence -
Operational disruption (66 percent), reputational damage and
significant financial losses (54 percent) lead regulatory penalties
(40 percent) as top consequences of a major security event. This trend
will likely mark a shift from compliance-centric security to newer
strategies that detect active attacks and reduce the risk of a
business-altering outcome.
-
The CISO-Board Connection Grows Stronger - More than half of
respondents indicate their board is very familiar with the security
budget (51 percent), overall strategy (57 percent), policies (58
percent), technologies (53 percent), and review current security and
privacy risks (51 percent). Moreover, 45 percent of security officers
report to the board or CEO, marking a sign of greater security
maturity when compared to the 33 percent that continue to report to
the CIO and 10 percent that report to a privacy or data officer.
"Our research confirms IT teams are trapped in the innovator's dilemma
of meeting business demands through the adoption of new technologies,
while shouldering the accountability for managing the risks and
resulting damage associated with the exploitation of emerging
technologies," said Mark Sangster, chief security strategist, eSentire.
"Fortunately, line of sight from the IT team to the board is improving,
which often makes it easier to articulate security risks, obtain the
required resources to mitigate those risks, and ultimately, better
protect the business. The most mature organizations are doing this by
moving beyond device and alert-focused approaches that often focused on
tit-for-tat prevention technology and toward threat-based approaches
that are both proactive and predictive."
Enterprises Can Assess Their Security Maturity with New Tool
Security
maturity and a willingness to leverage industry-best security services
can offset the risks associated with threats, such as external attacks
and insider risks. In fact, eSentire's research found that firms using
both proactive and predictive approaches reduced their risk profile by
30 percent, compared to those deploying more traditional regulatory and
compliance-driven security strategies.
To help organizations understand their own security maturity, eSentire
today has unveiled a new Business
Risk Index Tool. The free assessment is based on simple questions
that provide enterprises with a snapshot of where and how their security
approaches stack up in general and relative to comparable organizations.
Read the full findings of Cybersecurity FutureWatch 2018 and access the
Business Risk Index Tool here.
About eSentire:
eSentire®
is the largest pure-play
Managed Detection and Response (MDR) service provider, keeping
organizations safe from constantly evolving cyber attacks that
technology alone cannot prevent. Its 24x7 Security Operations Center
(SOC), staffed by elite security analysts, hunts, investigates, and
responds in real-time to known and unknown threats before they become
business disrupting events. Protecting more than $5.7 trillion AUM in
the financial sector alone, eSentire absorbs the complexity of
cybersecurity, delivering enterprise-grade protection and the ability to
comply with growing regulatory requirements. For more information, visit
www.esentire.com and follow
@eSentire.
