A report from Critical Start reveals a majority of cyber professionals (86%) consider unknown cyber risks to be a top concern. This represents a 17% increase from the previous year, highlighting the importance of effective threat detection and response. Key findings from the report include: 

• 66% of organizations have limited insight into the company’s cyber risk posture. 
• 65% of executives are concerned the organization’s risk mitigation priorities do not align with its cybersecurity investments. 
• 83% of cyber professionals experienced a cyber breach that required attention. This is in spite of traditional threat detection and response measures. 

Security leaders respond

Chris Morales, Chief Information Security Officer at Netenrich:

“Navigating the balance between budget constraints and the escalating costs of cyber incidents is challenging. However, cybersecurity is not just a cost center. It is a critical component of overall business resilience and trust. In addition, security burnout, an escalating issue in the cybersecurity community, has reached a crucial point, especially for security analysts and managers handling their organization’s security operations. This burnout is primarily due to the increasing volume of security events and is further exacerbated by a skills shortage and the complexity of managing these newer threats. 

“Embracing technology that amplifies IT and security teams’ capabilities enables them to stay ahead of threats despite budgetary constraints. The solution is not simply acquiring more tools or hiring more talent but a strategic shift towards a data-driven approach. This approach empowers IT and security professionals, unlocking greater value from existing investments while enhancing the work environment for security and operations teams.”

Jason Soroko, Senior Vice President of Product at Sectigo:

“Unlike traditional cybersecurity, which focuses on prevention, cyber resiliency ensures continuous operations during and after incidents. As threats evolve, so must an organization’s defenses, adapting to advanced persistent threats, zero-day exploits, ransomware and supply chain attacks. Cyber resiliency is crucial for business continuity, minimizing operational, financial and reputational damage, meeting regulatory requirements, and maintaining customer trust.

“Achieving cyber resiliency begins with a thorough risk assessment to identify and prioritize assets, threats, vulnerabilities and potential impacts. Developing a comprehensive resiliency plan that includes strategies for prevention, detection, response and recovery is essential. Implementing a robust security architecture with layered defenses and establishing a well-defined incident response plan with clear roles and responsibilities are critical steps. Continuous monitoring, including real-time systems and threat intelligence, helps detect and respond to incidents swiftly.” 

Piyush Pandey, CEO at Pathlock:

“Whereas cyber risk monitoring was traditionally focused on the IT infrastructure risks presented by hardware software bugs, today’s threats are focused on user access. Organizations need to know what level of risk they are willing to take with user access and adjust their access policies accordingly. That is trickier than it sounds because a policy that is too restrictive hampers productivity and causes user frustration which often leads to work-arounds that create greater risk. Organizations can stay ahead by eliminating access risk — early and often. From doing access risk analysis prior to providing access to ensuring access is granted in a compliant manner supported by regular user access risk assessments and certifications, an organization can ensure that they are doing all they can to create a zero-risk environment. 

“Like many functions in an organization, challenges are driven by the costs associated with internal and external resources. In the case of monitoring cyber risk, the ability to automate critical, but routine tasks can help reduce the workload of internal audit, risk management and IT security. Defining a well thought out set of workflows for managing access and monitoring access and transaction exceptions in real time can free up internal resources, reduce the dependency on external resources, and create a more proactive risk management program.”