The average dwell time is nine weeks.
LANDSCAPE
It’s hard to get ahead of the attackers
While only 53% of security teams (down from 66% last year) say it's harder to keep up with security requirements, everyone struggles to escape a purely reactive mode:
- 64% of SOC teams pivot, frustratingly, from one security tool to the next.
- 87% of orgs say they’ve been a target of ransomware.
- 88% of respondents report ongoing talent challenges.
GOALS
Resilience is the goal — and, increasingly, the reality
Few organizations have a holistic approach to resilience, but it’s clearly what they’re aiming for:
- MTTR is the top metric by which the business measures security success.
- 81% of SOCs are collaborating more with IT operations to improve resilience.
- Yet 31% of security teams say they have yet to formally implement any resilience strategies.
Just 31% of orgs have an enterprise-wide approach to resilience.
Dwell time for successful penetrations averages nine weeks.
THREATS
More attacks, longer dwell times, higher costs
Fifty-two percent of orgs report suffering a recent data breach, up from 49% last year, and 39% the year before. Ransomware is ubiquitous: This year, 87% of orgs say they were targets of ransomware attacks (up from 79% last year). Effects include:
- Significant personnel time needed for remediation (57% of orgs)
- Loss of confidential data (48%)
- Lost productivity for end users (41%)
See the report for details on supply chain attacks, business email compromise, malicious insiders and DDoS attacks.
LESSONS
Lessons from security leaders
To meet new and persistent challenges, 51% of respondents plan investments that combine cyber resilience with traditional business continuity/disaster recovery preparation.
Leading security orgs in our survey also:
- Are 10-15% more likely to use analytics to identify cyber risks, improve threat detection and automate remediation
- Are increasing the frequency of meetings between the CISO and the C-suite/board
