- According to the report, AI-based threats are evolving faster than organizations can keep up with.
- Companies use countless security dashboards and tools, creating even more confusion
- Simplification starts with a “trusted” data source.
With cyber threats on the rise, two in three security leaders (65%) fear being blamed in the event of a serious security breach, which would make the role less attractive and could even leave many organizations struggling to fill positions.
A new study from Panaseer shows that the average cost of cyber incidents per affected organization is $14 million per year, or 73% of their security budget, a budget that has clearly left them stranded and vulnerable from the start.
As systems became more complex, Panaseer found that three out of four attacks exploited multiple control flaws, and nearly two-thirds reported that attackers had bypassed controls they believed should have prevented the breach.
The role of CISO is no longer so attractive
The situation is getting worse with the rise of AI-based threats, with more than three-quarters (77%) fearing they are evolving faster than teams can respond.
Organizations currently use an average of 61 security tools and 58 dashboards and conduct or respond to 28 audits per year, which take an average of eight days to complete.
“The complexity of the IT landscape, the proliferation of cyber tools and the rapidly evolving threat environment, as well as the increasing demands of regulatory agencies, make it very difficult to maintain even basic hygiene,” said CEO Jonthan Gill.
While 77% believe traditional tools are inadequate for the current threat landscape, doing more does not appear to be the best solution, with many reporting costly audit delays or failing to demonstrate the effectiveness of controls to managers.
“For CISOs, it’s water, water everywhere, but not a drop to drink,” Gill added. Panaseer calls for deep simplification, starting with a “single, trusted source of hard data” and dashboards that speak the language of stakeholders and auditors.
“Without this, security teams can’t track controls and progress, organizations can’t understand the risks, and businesses will continue to lose millions due to preventable security breaches.”
