Vectra’s Security Leaders Research Report reveals that 74% of organizations experienced a significant security event that required incident response. 

The findings come as cyber threats increase and security and IT teams face mounting expectations to keep their organizations protected from such threats. Most (92%) of survey respondents stated that they had felt increased pressure to keep their organization safe from cyberattacks over the past year. 

The report unearths that the security industry still fails to keep pace with evolving cybercrime tactics, techniques, and procedures (TTPs). Legacy ‘prevention-centric’ security strategies and solutions, which fail to comprehend the complexities of modern attacker behavior, remain prominent, leaving organizations open and exposed to a potential data breach. 

Key findings of the research include:

  • 83% believe that traditional approaches do not protect against modern threats and that we need to change the game when it comes to dealing with attackers
  • 79% of security decision-makers have bought tools that have failed on at least one occasion, citing poor integration, failure to detect modern attacks, and lack of visibility as reasons 
  • 72% think that they may have been breached and don’t know about it — 43% think that this is “likely”
  • 83% say that the board’s security decisions are influenced by existing relationships with legacy security and IT vendors
  • 87% of respondents state that recent high-profile attacks have meant that boards are starting to take proper notice of cybersecurity

In addition to the 83% of respondents who acknowledged that legacy approaches don’t protect against modern threats, 71% think that cybercriminals are leapfrogging current tools and that security innovation is years behind the hackers. A further 71% feel that security guidelines, policies, and tools fail to keep pace with threat actor TTPs. The ongoing cybersecurity skills shortage was also cited as an obstacle to moving away from legacy security strategies, with 50% stating that they could use more security talent on their team. 

According to Tim Wade, Deputy Chief Technology Officer at Vectra, “organizations need security leaders who can speak the language of business risk and boards that are prepared to listen. But, most importantly, organizations need a technology strategy based around an understanding that it’s ‘not if but when’ they are breached.” 

For the full findings, please visit