Is There a False Sense of Security in Cybersecurity?
Research shows IT leaders think they have cybersecurity well-handled, but their confidence isn’t backed up with a mature strategy.
In September 2021, Rackspace Technology® conducted a global survey to discover the current state of cybersecurity across organizations, industries and regions. The study surveyed 1,420 IT leaders in a variety of industries, including manufacturing, finance, retail, government and healthcare across the Americas, Europe, Asia and the Middle East.
Overconfidence within cybersecurity
The survey revealed what might be the biggest problem in cybersecurity today: current or future confidence is not backed up with a mature cybersecurity strategy. Respondents believe they either have cybersecurity “well-handled” now (45%) or will have it well-handled within three years (45%).
While nearly 90% of respondents reported feeling confident that their organizations can handle almost all aspects of cybersecurity defense both now and in the future, the data suggests a different story. When asked about specific, mature practices in cloud security, few could provide clear answers or point to proactive strategies that will set them up for success in the face of the unknown.
When questioned about their organization’s levels of cybersecurity maturity and security integration, we discovered disparities between perceived and actual levels of cybersecurity strength. Many organizations simply aren’t prepared to identify and mitigate threats, prevent cybersecurity lapses or respond to attacks and potential threats in order to prevent a breach.
What is a mature cybersecurity strategy?
A mature cybersecurity program requires significant, ongoing attention to people, processes, and technology. Despite our participants’ confidence in their ability to develop and execute cybersecurity strategies, the reality is that cybersecurity is not a mature, ingrained principle or culture within their organizations. The result is that organizations still struggle with implementing robust cybersecurity programs. They, by and large, still have an overly heavy reliance on aging, traditional methods of cybersecurity, rather than modern cloud-centric processes.
Gone are the days when traditional firewalls and host-based controls were enough to secure your data and applications. Signs of a mature cybersecurity strategy include cloud-centric solutions and security built into DevOps. With security automation, you can build an environment that’s designed to address today’s biggest threats. However, only 30% of respondents in our survey use cloud-native tooling mixed with third-party tools, and just 12% reported DevSecOps integration.
Threats increase while budgets remain flat
Despite the reality of rising threats and breach opportunities, respondents anticipate that their budgets will remain flat over the next three years. We also found that their cybersecurity budget typically represents only 2.5% to 10% of their organization’s total IT budget.
When it comes to cybersecurity management, overwhelmingly, participants in our study indicated “lack of expertise” and “lack of resources” as the top two challenges they encounter. And with 3.5 million jobs going unfilled this year, many organizations will face big challenges when migrating to the cloud and driving digital transformation.
In our survey, 86% of respondents say their organizations lack the necessary skills and expertise to respond to a growing array of threats. This is probably related to the overall number of employees dedicated to cybersecurity in each organization. Participants indicated that, although they do work with external experts for cybersecurity solutions, they prefer to keep cybersecurity capabilities in-house.
The cybersecurity talent crunch
Reasons for today’s cybersecurity skills gap range from constrained budgets to the great resignation. But perhaps one of the biggest reasons for this gap is the simple fact that technology is accelerating faster than most companies can train internal IT staff to implement the cutting-edge technologies required to fight cyberthreats. That’s where a good partner can help. But the process of selecting a security partner comes with its own requirements, including the need to evaluate your candidates to ensure they’re keeping pace and can be more strategic in terms of your investment. It also requires that you make an honest assessment of where your gaps lie, and your access to resources as you face ever-growing, ever-scaling security challenges.
Learn how to enhance your cybersecurity strategy
To learn more about building a mature cybersecurity strategy, download our white paper: Is Cybersecurity Meeting Today’s Intensifying Challenges?
Download the report 'Is Cybersecurity Meeting Today’s Intensifying Challenges?'
About the Authors
Rackspace Technology Staff - Solve
The Solve team is made up of a curator team, an editorial team and various technology experts as contributors. The curator team: Srini Koushik, CTO, Rackspace Technology Jeff DeVerter, Chief Technology Evangelist, Rackspace Technology The editorial team: Gracie LePere, Program Manager Larry Meyer, Creative Management Royce Stewart, Chief Designer Simon Andolina, Design Tim Mann, Design Abi Watson, Design Debbie Talley, Production Manager Chris Barlow, Editor Tim Hennessey Jr., Writer Stuart Wade, Writer Karen Taylor, Writer Meagan Fleming, Social Media Specialist Daniel Gibson, Project ManagerRead more about Rackspace Technology Staff - Solve