A recent survey analyzed the cybersecurity operations of security leaders. The 2023 Cybersecurity Assessment Report from Bitdefender revealed top security concerns, practices and key challenges businesses are facing across their environments.

The report is based on an independent survey and analysis of IT and security professionals ranging from manager to chief information security officer (CISO) who work in companies with 1,000 or more employees in geographical regions including France, Germany, Italy, Spain, United Kingdom (U.K.) and the United States (U.S.).

Key findings from the report include:

More than two in five (42%) of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported and 30% said they have kept a breach confidential. At 71%, IT/security professionals in the U.S. were the most likely to say they have been told to keep quiet, followed by the U.K. at 44%, Italy at 36.7%, Germany 35.3%, Spain 34.8% and France 26.8%.

At the same time a large percentage are told to keep breaches confidential, 52% of global respondents said they have experienced a data breach or data leak in the last 12 months. The U.S. led at 75% (or 23% higher than average) followed by the U.K. at 51.4% and Germany at 48.5% rounding out the top three. Given the prevalence of data breaches and the overwhelming pressure to keep them quiet, IT/security professionals face a grim situation. Over half (55%) of respondents agree they are worried about their company facing legal action due to a breach being handled incorrectly.  

When asked about the security threats that pose the greatest concern, respondents indicated they are most concerned about software vulnerabilities and/or zero-days threats (53%), closely followed by phishing/social engineering threats (52%) and attacks targeting the supply chain coming in at third (49%).

More than two in five (43%) of IT/security professionals surveyed said extending capabilities across multiple environments (on-premises, cloud and hybrid) is the greatest challenge they face which tied with complexity of security solutions also at 43%. Not having the security skill set to drive full value came in as a strong second at 36%. Italy and France cited lack of security skill set as their biggest challenge at 49% and 45%.

Almost all respondents globally (99%) stated that using a managed security provider, such as a managed detection and response (MDR) service, is a critical element of their security programs with almost all (99%) of respondents stating they are either currently using or considering using a managed security provider. The top reason respondents gave include the ability to have 24x7 security coverage (45%), followed by the ability to free up internal IT/cybersecurity resources (35%). Ninety-three percent of respondents identified proactive threat hunting as important.