Security leaders' perception of their own cyber resilience was analyzed in a recent study by Immersive Labs. Despite high confidence in overall resilience, the study found that teams are insufficiently prepared for threats, as 82% agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared, and more than 80% don't think, or are unsure, their teams have the capabilities to respond to future attacks.
Seventeen percent of respondents consider their cybersecurity team to be fully-staffed and almost half of respondents admit they aren’t able to measure cyber capabilities, further eroding confidence in the organization’s preparedness. When cyberattack prevention and damage control are both lacking, organizations may be more vulnerable than initially thought.
Other findings include:
- 84% of respondents agree that cybersecurity teams feel increasing pressure to be prepared for the next cyber attack.
- 72% agree the threat landscape is becoming more challenging.
- Senior leaders should be sharing breach readiness and incident response results to a greater degree, but fewer than 60% do so today. In addition, over half (55%) agree their cybersecurity team doesn’t have the data needed to demonstrate readiness to properly respond to cyber threats.
- Less than one-third (32%) believe their organization has a formal strategy to ensure cyber resilience.
- 83% of respondents think their cybersecurity team is understaffed, and 94% experienced at least one talent management challenge with the cybersecurity team.
- 64% of respondents agree that traditional cybersecurity training methods (e.g., certifications, video training courses, classroom instruction) are insufficient to ensure cyber resilience.