A recent study conducted by SenseOn has exposed the conflicting attitudes towards cybersecurity within the UK’s largest organizations, posing a significant threat to existing risks, stress, and inefficiency. The research surveyed 250 IT and Security decision makers at UK and Irish companies with more than 250 employees, revealing that the majority of these organizations continue to believe that purchasing more cybersecurity tools equates to better protection.
Despite this belief, the study found that the adoption of new security solutions takes an average of 2.4 months, diverting valuable time and resources away from crucial activities such as threat hunting and security awareness training. This contradiction highlights the growing disconnect between the perceived value of cybersecurity tools and their actual impact on an organization’s security posture.
Moreover, the research revealed that two-thirds of respondents from the largest organizations (5,000-10,000 employees) view third-party risk as a primary challenge, further complicating the notion that an abundance of tools leads to improved security. This suggests a concerning trend where organizations feel compelled to invest in multiple security tools without considering the potential trade-offs and complexities that come with their adoption.
The dilemma of relying on an ever-increasing number of security tools is exacerbated by the chronic lack of staff to effectively adopt and manage these tools. With security professionals already overwhelmed and under-resourced, the introduction of new tools only adds to the burden placed on these teams, ultimately prolonging the time it takes to derive real value from the investments made in these solutions.
In line with these findings, the survey also revealed that 95% of respondents believe that stress is impacting staff retention within their organizations. The overwhelming majority expressed a desire for technologies that utilize AI to automate security activities, as well as increased security awareness training, as potential solutions to alleviate the strain on security teams.
David Atkinson, the Founder and CEO of SenseOn, emphasized the concerning implications of the research findings, stating, “The research supports something lots of people working in the industry already know: Cybersecurity is broken. Such a large majority of security leaders reporting their companies’ reliance on tools in place of a security strategy is a huge concern.”
Atkinson further highlighted the inefficiencies associated with the current approach to cybersecurity, noting that the expensive and time-consuming nature of launching new tools, coupled with their lack of integration with each other, ultimately fails to make organizations safer. He urged companies to consider partnering with vendors that can unify multiple security disciplines under a single, integrated product to reduce costs, blind spots, and alleviate much of the stress currently experienced by security teams.
In light of these findings, it is evident that the prevailing approach to cybersecurity within large organizations is in dire need of reassessment. The emphasis on acquiring more tools without a holistic security strategy in place not only undermines the effectiveness of these investments but also places undue strain on security teams. Moving forward, organizations must prioritize a more streamlined and integrated approach to cybersecurity to effectively mitigate risks and improve overall security posture.