Cyber maturity model

by Mark Rowe

The risk consultancy Kroll has released a State of Cyber Defense Report 2023: Detection and Response Maturity Model. The firm found that 91pc of cybersecurity professionals believe that their cyber detection and response processes are “very mature” or “somewhat mature”. Yet, in fact, only 4pc have mature processes in place.

The model places organisations into three stages of their cyber detection and response maturity ‘journey’; the three categories are Novice, Explorer and Trailblazer which reflect a low, medium and high level of maturity, respectively. The model illustrates that of those surveyed, 23pc of businesses are Novices, 73pc are Explorers and 4pc are Trailblazers.

In the last year, businesses experienced an average of five major security incidents that resulted in data compromise or financial impact. Kroll’s model identified that Trailblazer organisations experience 30pc fewer security incidents. Further, 23pc of Trailblazer organisations did not experience a single significant data breach in the last year. This combined with the high cost of a data breach demonstrates that high cyber maturity could save businesses millions of dollars a year.

When looking at the behaviour of businesses within each group, a perception problem is made evident. Indeed, 43pc of those placed in the Novice group feel that their detection and response measures are very mature with no improvement required. Further, organisations in the Trailblazer group are less likely to report that they are very mature (13pc) compared to Explorer or Novice organisations. This would indicate that those in the Trailblazer group have a greater awareness of what it means to be cyber mature, the firm says.

Mark Nicholls, Chief Research Officer, Cyber Risk, Kroll, said: “It’s both interesting and concerning that our findings highlight a significant gap between how businesses view their level of cyber maturity and how they approach their cybersecurity in practice.

“It’s also clear that achieving and maintaining long-term cyber resilience is more challenging than expected. Based on the fact that ‘Trailblazer organizations’ are more likely to self-assess as ‘not very’ cyber mature, it would appear that having a healthy dose of ‘cyber cynicism’ is a distinct advantage for organizations seeking to maintain their cyber resilience. Adopting a willingness to question established infosec processes and a drive to review and update tools and solutions with the support of proven security partners is key to improving maturity.

“Beyond a level of cynicism, businesses also need the right technology in place so that they can see the true scope and profile of the threats they face, including robust detection and response capabilities and an effective MDR solution. With the right tools and a healthy dose of self-awareness, organizations are on the right track towards true cyber maturity.”

Global findings include:

The perception problem: 91pc of cybersecurity professionals self-reported that their cybersecurity practices were “very mature” or “somewhat mature”. However, the analysis shows that only 4pc of businesses have mature detection and response practices in place.

Trailblazers can expect fewer significant data breaches: 23pc of organisations in the Trailblazer group did not experience a single significant data breach that resulted in data loss or financial impact in the last year. This is notably higher than those in the Explorer (4pc) and Novice (2pc) groups. Considering the cost of a data breach, there are considerable financial incentives to becoming a Trailblazer.

Insurance is a mature option: Over half (51pc) of Trailblazer organisations have cyber insurance, compared to 7pc for organisations in the Novice group.

Outsourcing is key: Almost eight in 10 (79pc) organisations in the Trailblazer group outsource part of their cybersecurity services. This is notably greater than those in the Explorer (52pc) or Novice (34pc) groups.

Only the basics are being covered: Worryingly, a fifth of organisations (20pc) only have the basics, cybersecurity monitoring, in place. Further, only 3pc of organisations have all the recommended detection and response elements in their cybersecurity program. These include crisis management, threat intelligence enrichment, detection engineering and recovery capabilities.

The differences in trust between Novice and Trailblazer: Security teams generally trust employees to avoid falling victim to a cyberattack (66pc) more than they trust the accuracy of cybersecurity alerts or the effectiveness of tools. However, when looking at the data through the lens of cyber maturity, Trailblazers trust their employees to avoid a cyberattack the least (54pc) and trust the effectiveness of cybersecurity tools the most (69pc).

© 2024 Professional Security Magazine. All rights reserved.