Kroll, a leading provider of global risk and financial advisory solutions, has released its 2023 State of Cyber Defense Report: The False-Positive of Trust. This report highlights the delicate balance between trust and cyber maturity within organizations. Despite senior security decision-makers expressing high levels of trust in their organization’s protection against cyberattacks, the findings reveal that organizations are experiencing a significant number of security incidents. The report emphasizes the importance of understanding the limitations of security tools and the need for managed detection and response (MDR) or managed security service provider (MSSP) solutions to enhance cybersecurity posture.

The Disconnect Between Trust and Cyber Incidents:

The report reveals a concerning discrepancy between organizational trust and the number of security incidents experienced. While 37% of senior security decision-makers express complete trust in their organization’s ability to defend against cyberattacks, the average number of security incidents per organization stands at five. This correlation suggests that solely relying on security tools without a comprehensive understanding of threats leaves organizations vulnerable to attacks.

The Role of Managed Detection and Response:

Despite organizations deploying an average of eight cybersecurity platforms, only 24% have adopted MDR or MSSP solutions. The report underscores the importance of having a trusted partner that can effectively manage and update security monitoring solutions. The absence of such partnerships leaves organizations more exposed to threats and reinforces the idea that a higher number of security tools does not guarantee protection.

Survey Findings in the UK and EMEA:

The report includes specific findings from the UK and the EMEA region. UK companies attribute the depreciation of trust primarily to a lack of communication, while the rest of EMEA identifies limited technical capabilities and stretched business resources as contributing factors. Additionally, 97% of respondents report that they do not have complete trust across all aspects of their organization, highlighting the widespread concern among IT leaders.

Consequences of a Lack of Trust:

The report highlights the costs associated with a lack of trust in the workplace. Globally, increased complexity is viewed as the most significant consequence (37%), while the UK emphasizes unnecessary technology (43%). EMEA as a whole perceives misrepresentation of cyber risk (40%) as the most significant consequence, while North America highlights slow incident response and increased complexity (both 37%).

Misplaced Trust and Cybersecurity Insurance:

The report reveals that trust in employees to avoid cyberattacks ranks higher (66%) than trust in the security team’s ability to identify and prioritize security gaps (63%). Only 23% of businesses have cybersecurity insurance coverage, and even among IT and security professionals who consider their security operations to be mature, only 20% have cyber insurance.

Outsourcing Cybersecurity Services:

The report highlights the growing popularity of outsourcing cybersecurity services, with 98% of organizations considering or already planning to outsource. Additionally, 89% of IT and security decision-makers express the need for improved transparency between their security teams and vendors.

Conclusion:

The State of Cyber Defense Report sheds light on the false-positive of trust in cybersecurity. It emphasizes the need for organizations to move beyond relying solely on security tools and to gain a comprehensive understanding of evolving threats. Partnering with trusted external providers, such as MDR or MSSP solutions, can offer an independent perspective and up-to-date threat insights. To enhance cybersecurity posture and avoid internal security siloes, organizations must prioritize continuous improvement and knowledge enhancement in the face of evolving cyber threats.
October 20, 2023