Cyber Risk Confidence Index Reveals Skepticism of Mitigation Strategies

Today, Critical Start unveiled its 2023 Cyber Risk Confidence Index, a report analyzing the confidence levels that IT security leaders have in their existing approach to reducing cyber risk, and how well their current strategies align to their organization's risk appetite.

Results of the study revealed that 66% of cybersecurity leaders in the U.S. are not very confident in the effectiveness of their current strategies for evaluating and mitigating major cyber risks.

Experts predict the cost of cybercrime will hit $8 trillion in 2023 and grow to $10.5 trillion by 2025. Yet, 83% of IT security leaders say their company prioritizes the cost of security over the risk of a breach, according to Critical Start's findings. And, with the recent rules from the SEC requiring registrants to disclose material cybersecurity incidents, and to communicate material information regarding their cybersecurity risk management, strategy, and governance on an annual basis, the topic of cyber risk management is top of mind.  

Additional key findings from the Critical Start report include: 

• Security challenges are in abundance
  Critical Start's report found that the increasing sophistication of an evolving threat landscape is the most frequent challenge cybersecurity leaders face. A similar level of concern is ascribed to the lack of resources at IT and cybersecurity leaders' disposal (45%), and 38% of companies directly cite budgetary pressures as a problem. 
• Cyber risk often falls on one person's shoulders
  While 90% of respondents say their organization has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%), this consists of just one person. 
• Lack of continuous risk assessment hinders cyber confidence Only 49% of companies are running full and comprehensive cybersecurity assessments and risk evaluations more frequently than once every six months. 
• Automation becomes a need-to-have
  Around half (45%) of respondents view automation as the best solution to addressing cybersecurity challenges. In fact, 82% of respondents expect security vendors to leverage AI technology to enhance their cyber risk capabilities in the next 12 months. The Biden Administration recently announced that it has secured voluntary commitments from seven of the biggest AI companies to help ensure the safe and responsible development of artificial intelligence technologies.

"Considering the multitude of daunting challenges cybersecurity leaders face today, ranging from sophisticated and ever-evolving threat environments to under-staffed security teams, the lack of confidence our research revealed may be alarming but is not entirely unexpected," said Randy Watkins, Chief Technology Officer for Critical Start, a provider of managed detection and response (MDR) services and cybersecurity consulting services.

"When we dive deeper into the data we gathered, a familiar story emerges of security professionals hungry for more resources and better alignment between their security investments and their organization's appetite for risk," Watkins said. 

Research for the Critical Start 2023 Cyber Risk Confidence Index was conducted by Censuswide, via a survey of 501 U.S.-based IT security decision makers at businesses ranging from 2,500 to 25,000 employees.