Skip to main content
false
Footer icon fix, PDB mobile header fix, list css fix
shared header v2
Lucid Search Bar Implementation
Push Down Banner V1 Analytics Patch (3/18/24), remove it if not using v1
Global nav V2 patch, remove after adding the mobile languages fix in the codebase (S7 or S8)

The State of Security 2023 Is Resilient

For once, fewer security teams say it’s hard to keep up, and the best have found a way to improve results, collaboration and funding.

landscape

The average dwell time is nine weeks.

LANDSCAPE

It’s hard to get ahead of the attackers

While only 53% of security teams (down from 66% last year) say it's harder to keep up with security requirements, everyone struggles to escape a purely reactive mode:

  • 64% of SOC teams pivot, frustratingly, from one security tool to the next.
  • 87% of orgs say they’ve been a target of ransomware.
  • 88% of respondents report ongoing talent challenges.

GOALS

Resilience is the goal — and, increasingly, the reality

Few organizations have a holistic approach to resilience, but it’s clearly what they’re aiming for:

 

  • MTTR is the top metric by which the business measures security success.
  • 81% of SOCs are collaborating more with IT operations to improve resilience.
  • Yet 31% of security teams say they have yet to formally implement any resilience strategies.
goals

Just 31% of orgs have an enterprise-wide approach to resilience.

threats

Dwell time for successful penetrations averages nine weeks.

THREATS

More attacks, longer dwell times, higher costs

Fifty-two percent of orgs report suffering a recent data breach, up from 49% last year, and 39% the year before. Ransomware is ubiquitous: This year, 87% of orgs say they were targets of ransomware attacks (up from 79% last year). Effects include:

  • Significant personnel time needed for remediation (57% of orgs)
  • Loss of confidential data (48%)
  • Lost productivity for end users (41%)

See the report for details on supply chain attacks, business email compromise, malicious insiders and DDoS attacks.

LESSONS

Lessons from security leaders

To meet new and persistent challenges, 51% of respondents plan investments that combine cyber resilience with traditional business continuity/disaster recovery preparation.

Leading security orgs in our survey also:

  • Are 10-15% more likely to use analytics to identify cyber risks, improve threat detection and automate remediation
  • Are increasing the frequency of meetings between the CISO and the C-suite/board
lessons

Leading orgs are 2.5x as likely to be converging security functions with ITOps and other adjacent functions

Read The State of Security 2023 to understand the latest threats and top resilience strategies.