- The majority of large enterprises spend an average of 3-5 months integrating and training teams on each new security solution – at the expense of threat hunting, vulnerability scanning and security awareness training
- However, major contradictions are rife, with 76% believing more tools equate to better security
Attitudes to cybersecurity within the UK’s largest organisations are highly contradictory and risk exacerbating existing risks, stress, and inefficiency, new research from SenseOn has today revealed. The research which surveyed 250 IT and Security decision makers at UK and Irish companies with more than 250 people – uncovered that the vast majority still subscribe to the belief that ‘the more cybersecurity tools you purchase the more protected you are’, despite new tools taking an average of 2.4 months to adopt, taking away from other critical activity including threat hunting and security awareness training. The study also found that two thirds of respondents from the largest organisations (5,000-10,000 employees) see third party risk as a primary challenge, presenting a further contradiction to the perception that more tools improves security.
This speaks to a security ecosystem where organisations feel compelled to buy tools to feel better protected, only to find themselves concerned about the necessary exposure of having more suppliers and vendors, and with months in cybersecurity limbo, dedicating even more time to adopting the new tools, rather than using them.
The problem of new tools being hailed as a solution to security problems is further compounded by a chronic lack of staff to adopt – and subsequently manage – these tools. At a time when security professionals are already overwhelmed and under-resourced, new tools can place additional demands on already stretched teams.
Corresponding to this narrative, the same poll of security professionals also found that 95% of respondents believe that stress is impacting staff retention in their organisation. When polled on what technologies would reduce this stress, 83% of respondents highlighted ‘tools that use AI to automate security activity’ and 81% opted for security awareness training.
“The research supports something lots of people working in the industry already know: Cybersecurity is broken.” said David Atkinson, Founder and CEO of SenseOn. “Such a large majority of security leaders reporting their companies reliance on tools in place of a security strategy is a huge concern.
“The tools they are purchasing are expensive, time-consuming to launch, and are not built to integrate with each other. This means that despite spending huge amounts of time and money on them, they do not make an organisation safer – particularly when considering the justified concerns many of these leaders share regarding their supply chain risks. Companies should look to solve these issues by partnering with vendors that can unify multiple security disciplines under a single unified product, which can reduce costs, blindspots, and alleviate much of the stress security teams are currently experiencing.”