The State of Security 2023: Collaboration Is Essential For Building Resilience

Security is, and always has been, a tough job. Security teams continue to face escalating cyberattacks while being bombarded by false positives and clocking more hours due to staffing shortages. However, security leaders and practitioners alike also understand that these crises are inevitable — and are increasingly focusing their efforts on recovering as quickly and efficiently as possible when disaster strikes.  

These trends and other findings are explored in our newly-released report, The State of Security 2023, which we published today, detailing research on the challenges and opportunities ahead for security leaders and teams. The research was conducted in partnership with the Enterprise Strategy Group and features the thoughts, insights and opinions of more than 1,500 survey respondents representing 10 countries and 15 industries.

One welcomed revelation was that 2022 was free of any globally catastrophic security events comparable to SolarWinds or Log4J. Another encouraging insight was that the number of respondents who struggled to keep pace with security requirements decreased slightly from 66% in 2022 to 53% currently. That said, security teams often remain in a reactive mode as they face increasingly sophisticated ransomware attacks and other stealthy, advanced threats.

Getting out of this reactive mode will be even harder going forward. Increasingly stringent regulations governing data privacy and security will make compliance more challenging globally, particularly around securing software supply chains. Meanwhile, as more technology sector companies continue to downsize and streamline operations with layoffs, security teams will be forced to do more with less. 

Ultimately, the companies that survive these prolonged challenges and headwinds will be the ones that build resilience into their operations, so they can recover faster, and get back to business sooner.

A Growing Need for Resilience

Although the term “resilience” is not widely used by security teams, the idea that organizations need to be able to withstand and overcome adversity is nothing new to security leaders, who have no shortage of supply chain risks, ransomware attacks and other threats to address.  

Despite the efforts of security teams everywhere, cyber incidents have been rising and dwell times are longer (averaging nine weeks). And it’s all causing real damage — only 4% of respondents reported that they suffered security incidents without experiencing any significant consequences. The vast majority struggled with consequences ranging from loss and theft of confidential data and lost productivity, to damaged reputation and diminished company valuation.

In light of these challenges, the need for resilience is greater than ever. At the leadership level, 91% report that the CISO is collaborating with line-of-business leaders on cyber resilience strategies and investments. And an overwhelming majority of security teams also agree that the risk of significant business disruption has increased (83%) and that downtime may result in significant customer attrition (78%).  

While resilience metrics such as MTTR have improved, decreasing to 15.5 hours from 21.4 last year, much work remains to be done. Fewer than a third of organizations reported that they have a comprehensive approach to resilience. Approximately another third reported they have implemented a resilience strategy in pockets of the organization, while the remaining third said they have yet to implement any.

The need for resilience is great, but security teams know that they can't change the culture of their organization overnight — or do it alone. Building and sustaining a resilience strategy will require the buy-in and effort of numerous teams and leaders across the organization.  

Cross-organizational Collaboration Is Essential for the Future of Security

One positive finding from the research is that the vast majority (95%) of security teams will be supported by an increase in funding over the next two years. Teams are planning to direct these funds toward creating a faster-moving, more effective SOC. In fact, much of the spending will go toward purchasing tools that automate and orchestrate security operations. These security-focused allocations align with reported priorities to build an integrated software architecture that incorporates security analytics and operations, and speaks to goals around developing and more formal documented security operations processes.

It will take more than just an efficient, tightly run SOC, however, for organizations to survive. This year’s research also underscored collaboration as an essential ingredient for resilience, particularly between security teams and other functions throughout the organizations. This convergence will likely increase overall visibility around risks, while also improving threat identification and response processes.

Security teams have traditionally worked closely with the ITOps team, but we’re seeing a greater convergence with other adjacent functions such as digital experience, application development and observability. Whether it’s working together more closely or creating hybrid roles that span multiple functions, coming together allows organizations to make more concerted, streamlined efforts to minimize the damage sourced to incidents and other disruptions — and ultimately protect the data, brand and valuation of the organization.

It’s probably no coincidence that of the eight research-driven recommendations in The State of Security 2023, four of them discuss the value of cross-organizational partnership. This collaborative, and more unified approach is exciting and portends a lot of hope for the industry.  Looking ahead, the security teams that continue to partner cross-functionally will not only improve their security posture, but will also help their organization be more resilient to adversity and weather any storm ahead.

Read the full report to get our findings on the present security landscape and the strategies that will be essential for security teams to succeed.

Jason Lee
Posted by

Jason Lee

Jason Lee is Vice President and Chief Information Security Officer at Splunk. A highly respected technology executive with 20 years of experience in information security and operating mission-critical services, Jason led security for large enterprises prior to joining Splunk including Zoom and Salesforce, where he led the delivery of critical end-to-end security operations including company-wide network and system security, incident response, threat intel, data protection, vulnerability management, intrusion detection, identity and access management and the offensive security team. Before that, he spent 15 years at Microsoft and held various senior leadership roles, including Principal Director of Security Engineering for the Windows and Devices division, as well as Senior Director of Developer Services. As Senior Director of Developer Services, he oversaw the design and management of the mission-critical PKI for all products across the company. Lee holds a B.A. from Washington State University.

Show All Tags
Show Less Tags