Cyber resilience disconnect

82% of cyber leaders agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared.

  • 1 year ago Posted in

Immersive Labs has released a commissioned study conducted by Forrester Consulting to evaluate how global cybersecurity decision-makers perceive their organization’s cyber resilience, defined as the ability and confidence to effectively respond to cyber threats. Despite high confidence in overall resilience, the study found that teams are insufficiently prepared for threats, as 82% agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared, and more than 80% don't think, or are unsure, their teams have the capabilities to respond to future attacks. To reduce risk, the study recommends a people-centric cybersecurity culture shift. 

 

Forrester surveyed 316 global cybersecurity training strategy decision-makers in the UK, US, Canada, Germany, and Sweden, exposing this troubling inconsistency in cybersecurity team confidence: their initial responses express confidence in overall team resilience, but when asked specifically about how prepared the team is for another attack or how effectively the team resolves incidents, confidence plummets. 

 

Only 17% of respondents consider their cybersecurity team to be fully-staffed and nearly half of respondents admit they aren’t able to measure cyber capabilities, further eroding confidence in the organization’s preparedness. When cyber attack prevention and damage control are both lacking, organizations may be more vulnerable than initially thought. 

 

“We’re seeing tremendous pressure on cybersecurity teams to prove their readiness for new and emerging threats, and while many feel they have built sufficient cyber workforce skills and judgment to respond, our study with Forrester Consulting reveals that nearly 50% lack the metrics to know for sure,” said James Hadley, CEO & Founder, Immersive Labs. “Our research suggests that it’s well past time to rethink traditional training programs, effectively measure cyber capabilities, and better equip cybersecurity teams with the skills and confidence to stand up to attacks.” 

  

The Impact of Cyber Talent Shortages, and Other Key Findings 

In the research, Forrester Consulting revealed several eye-opening findings from the pressures facing cyber leaders today to the impact of global cyber talent shortages, including: 

 

Cyber teams face growing pressure from senior leaders: 84% of respondents agree that cybersecurity teams feel increasing pressure to be prepared for the next cyber attack. 

Cyber threats are becoming more difficult to stop: 72% agree the threat landscape is becoming more challenging. 

Reporting is inconsistent: Senior leaders should be sharing breach readiness and incident response results to a greater degree, but fewer than 60% do so today. In addition, over half (55%) agree their cybersecurity team doesn’t have the data needed to demonstrate readiness to properly respond to cyber threats. 

Teams aren’t strategically equipped to maintain cyber resilience: Less than one-third (32%) believe their organization has a formal strategy to ensure cyber resilience. 

Talent shortages threaten cyber resilience: 83% of respondents think their cybersecurity team is understaffed, and 94% experienced at least one talent management challenge with the cybersecurity team. 

Cybersecurity teams can reduce risk by adopting modern approaches to upskilling: 64% of respondents agree that traditional cybersecurity training methods (e.g., certifications, video training courses, classroom instruction) are insufficient to ensure cyber resilience. Leveraging effective people-centric approaches, such as live simulations, and progressive, career-path-aligned online training and upskilling can bolster cybersecurity teams’ capabilities and, in turn, their organization’s cyber resilience. 

 

The study recommends that to alleviate staffing shortages and a lack of in-house cyber skills, “firms must reevaluate hiring practices to recruit and test for high-potential hires” and “invest in a culture that leverages effective people-centric approaches, such as live simulations, and progressive, career-path aligned online training and upskilling to bolster their cybersecurity teams’ capabilities and, in turn, their organization’s cyber resilience.” 

 


Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...