Traditional security approaches that rely on reactive mitigation measures and manual processes aren't keeping pace with current cyber threats. As a result, 27% of all executives and 40% of chief security officers (CSOs) say their organizations are not well prepared for today's rapidly shifting threat landscape.

A study from Skybox Security and conducted by ThoughtLab surveyed executives and analyzed the cybersecurity investments, practices and performance of 1,200 companies and public-sector organizations in 16 countries and a wide range of industries.

On average, organizations experienced 15% more cybersecurity incidents in 2021 than in 2020. In addition, material breaches — defined as those generating a large loss, compromising many records, or having a significant impact on business operations — jumped 24.5%.

The top four causes of the most significant breaches reported by the affected organizations were: 

• Human error 
• Misconfigurations 
• Poor maintenance/lack of cyber hygiene 
• Unknown assets

"What's notable about this list is that all of these conditions result from mistakes or manual processes inside organizations — which means they are all, in principle, avoidable," said Ran Abramson, Threat Intelligence Analyst at Skybox Research Lab. "The clear implication is that, however pernicious external threats have become, cybersecurity teams still have the power to repel them."

The study found that organizations that prevented breaches ranked higher in cybersecurity progress as measured by the National Institute of Standards and Technology (NIST) framework. Beyond the NIST framework, 48% percent of organizations with no breaches in 2021 had implemented risk-based cybersecurity management strategies. They also performed better in key cybersecurity metrics: 46% were top performers in time to respond to a breach.

For more cybersecurity insights, read the report.