CIO Influence
CIO Influence News Cloud Security

New ReliaQuest Study Organizations are Prioritizing Cybersecurity Initiatives but are Dragged Down by Lack of Fundamentals

by CIO Influence News Desk
New ReliaQuest Study Organizations are Prioritizing Cybersecurity Initiatives but are Dragged Down by Lack of Fundamentals
57% of organizations are prioritizing secure cloud migrations and 48% are looking to implement Zero Trust; however, the majority are still held back by lack of visibility and challenged with measuring the progress of their security program

Open XDR-as-a-Service leader ReliaQuest, in partnership with Ponemon Research, announced publication of a survey report detailing the needs and priorities of cybersecurity leaders in the United States and United Kingdom. The report, “Making Security Possible and Achieving a Risk-oriented Security Posture,” shows that organizations are prioritizing strategic security programs but missing the foundational capabilities they need to make meaningful changes to their security posture. Among the roadblocks to achieving a risk-oriented posture are ineffective security metrics, operational inefficiencies, and the lack of full visibility across their dynamic IT environment.

“This research offers insights into the priorities of security leaders, the day-to-day struggles they face and their ambition to support the business through change,” said Ashok Sankar, Vice President of Product and Solutions Marketing at ReliaQuest. “While it’s positive to see more leaders engaging in strategic approaches to securing their organization, as they look to implement programs like Zero Trust – which can be a multi-year journey – it’s important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics and process aren’t sexy, but they are the building blocks of a resilient security program.”

Recommended ITech News: Comscore Receives Prestigious ISO Certifications for Information Security and Privacy Information Management Systems

Sankar added: “As organizations seek to digitally transform their business and adapt to hybrid work, it’s critical that security teams are not only aligned on goals, but also have the proper resources to drive resilient security operations, setting the enterprise up for long-term success.”

Key insights include:

Security leaders are committed to a stronger risk-based security posture

  • 57% of respondents are prioritizing securely migrating applications to the cloud.
  • Almost half (49%) of security leaders are enabling DevSecOps best practices.
  • 48% of organizations surveyed are prioritizing implementing Zero Trust principles as part of their security strategy.

Recommended ITech News: 1010data In New Collaboration with Moody’s Analytics

Security teams are not aligned on their security program or metrics

  • The primary obstacle to implementing an IT security risk management program is a lack of standardized metrics to measure progress (64%), followed by the lack of a risk management strategy and decision-making structure (58%).
  • 58% of respondents say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to attacks, but only 31% consider developing a risk-reduction program a top security priority.
  • Only a third (37%) of those surveyed believe that their teams are tracking the right security metrics and that it is easy to communicate them to business executives and board members.
  • Only about half (49%) rate developing business goal–oriented metrics as one of the top priorities for the next year.

Security teams are inhibited by process and operational inefficiencies

  • 31% of respondents report their security staff spends at least 3 hours a day manually administering and managing (optimization, writing rules, integrating) tools.
  • The majority (57%) of organizations have one staff member managing more than four tools in their organizations. Only 17% have one staff member assigned to manage a single tool.
  • 52% agree that their team is spending too much time on data collection activities instead of threat detection and analysis.

Poor enterprise-wide visibility is the main culprit behind risk exposure

  • Only 13% say they have more than 75% visibility across all security tools, including on-premises and the cloud. 69% believe they have less than 50% visibility across all security tools, including on-premises and the cloud.
  • 56% believe they could achieve better threat detection and response efficiency with better visibility by integrating and providing a singular view across tools.
  • 60% state their top challenge in implementing effective threat detection is a lack of integrated visibility into cloud and on-premises sources.
  • Only about one-third (36%) say they are measuring visibility across the environment, including on-premises and the cloud.

Recommended ITech News: Proximie Selects 8×8 Call and Video Quality Performance Monitoring to Enhance Future of Surgical Healthcare

CIO Influence News Desk is a dedicated news publication center that publishes the top news, insights and analysis related to Information Technology, Cloud Modernization, DevOps, Security, Storage and ML ops.

Related posts

Quickplay Teams With Google Cloud to Unlock the Power of Generative AI

PR Newswire

CIO Influence Interview with Ed Macosky, Chief Product and Technology Officer (CPTO) at Boomi

Rishika Patel

Silicom Secures Major Edge Networking Design Win from a US Communications Service Provider

CIO Influence News Desk

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.