Security executives seek a balance between investments, delegation of tasks, and managing potential hazards
In a recent survey conducted by Nuspire, 200 CISOs and IT security decision makers shared their insights on the current state of cybersecurity. They came from various organisations with up to 10,000 employees and annual cybersecurity budgets ranging from $100,000 to over $3 million.
According to Rick Holland, Digital Shadows' CISO and VP of Strategy, the survey results indicate a significant gap between investments in cybersecurity and the persisting threats in the IT environment. One of the solutions proposed by Holland is outsourcing cybersecurity needs to third-party vendors, which can help fill some gaps. However, he also emphasised that outsourcing introduces other challenges, and organisations still own the risk.
The survey found that cloud security posture management, cloud access security broker, and endpoint detection and response are all outsourced at a rate of more than 40%. Interestingly, very few organisations manage all of their cybersecurity needs in-house, with only 4% of respondents stating that their organisation manages all cybersecurity internally.
The survey respondents identified ransomware on employee-owned devices and phishing attacks targeting employees as the biggest threat concerns. They also highlighted internal points of weakness as the most worrisome threats, with half of the respondents identifying human error and deficient employee training as the primary cause of IT vulnerabilities.
The survey findings also shed light on the pressure on CISOs to prioritise spending effectively to ensure the best defence and response. IT, finance, sales, and marketing departments were identified as the most vulnerable in their respective organisations.
Losing internal knowledge when outsourcing a service was identified as a challenge by Holland. Despite this, he believes that outsourcing can be a valuable strategy for organisations struggling to defend and address the threat landscape, exacerbated by a lack of resources and skills.
The notable third-party providers delivered by Nuspire in the survey year for Cloud Security Posture Management, Cloud Access Security Broker, and Endpoint Detection and Response were not specified in the available data.
Two-thirds of CISOs and IT security decision makers believe their organisations remain vulnerable to cyberattacks, underscoring the need for continued investment and vigilance in cybersecurity. The survey was released last week.