Some 37% of senior security decision-makers say they have "complete" trust that their organisation is sufficiently protected, or can defend itself against all forms of cyber attack, despite organisations experiencing an average of five major security incidents in the past year.

This is amongst the findings of a report published by Kroll, which also found that, the higher the average number of platforms installed, the more cyber security incidents organisations experienced. Organisations were found to deploy eight cyber security platforms, on average.

The 2023 State of Cyber Defense Report: The False-Positive of Trust surveyed 1,000 senior IT security decision-makers in Q1 2023 at firms with US$50m to US$10bn in revenue in the US, UK, Ireland, Spain, Italy, Singapore, Hong Kong, Japan and Brazil.

Commenting on the findings, Edward Starkie, associate managing director of cyber risk at Kroll, said: “To navigate the current threat landscape, trust is imperative. There needs to be trust in teams, trust in technology, in intelligence sources and in suppliers. However, there is a critical balance to be made on how much and where that trust should be placed.

"Further, businesses seem unaware of the importance of continued managed response. Of course, this is understandable considering the sheer volume of data that security teams deal with and the number of cyber incidents businesses tackle daily. Security teams want solutions that will fix today’s problems, without appreciating the fact that there is no ‘one and done’ solution for an everchanging landscape.”


Key findings (Source: Kroll)

UK companies state that the biggest cause for trust to depreciate is a lack of communication (52%). The rest of EMEA find the reasons more wide-ranging with lack of communication, limited technical capabilities and over stretched business (all 46%) to be the causes. Almost all (97%) reported that they do not have complete trust across all aspects of their organisation, clearly demonstrating a widespread concern for IT leaders with potentially damaging consequences.

An overwhelming majority (98%) agree there is a cost to a lack of trust in the workplace. More complexity is the greatest perceived consequence globally (37%), however unnecessary technology is deemed the biggest consequence in the UK (43%). This also differs to EMEA as a whole where misrepresentation of cyber risk is deemed the biggest consequence (40%) and to North America where slow incident response and more complexity are deemed the largest (both 37%).

Trust in employees to avoid cyber attacks (66%) was ranked higher than the ability of the security team to identify and prioritise security gaps (63%), accuracy of data alerts (59%), effectiveness of cyber security tools and technologies (56%) and the accuracy of threat intelligence data (56%).

Share Story: