A recent study reveals that security teams are unprepared for ransomware and struggle with increasing regulatory complexity.

The Impact of Continuous Security Validation study, released by SafeBreach and conducted by S&P Global Market Intelligence, surveyed 400 highly qualified security practitioners across the United States and Europe on the biggest security challenges, which CSV tools they are using, the level of adoption and maturity of those tools and the business outcomes they achieved.

A majority of respondents said regulatory complexity is a top challenge with 46% saying the increasing complexity/effort to comply with regulations and internal security policies is a primary challenge. In addition, 45% of respondents were also concerned with the increased costs/risks associated with their growing attack surface.

Other key highlights include:

  • Ransomware attacks surge, but organizations are not prepared: 47% experienced a ransomware attack in the past year but only half of those companies had a formal ransomware recovery and remediation plan in place. 56% of victims paid the ransom but only 39% of payments resulted in successful data recovery.
  • “Swivel chair management,” also known as tool overload, creates security gaps: Analysts have access to an average of 21-30 tools in total, using 11-20 of them regularly (at least weekly). Respondents are overwhelmed by the effort to install, maintain and train on these tools, and are concerned about delays in incident response.
  • Breach and attack simulation (BAS) capabilities help reduce business and operational risk: 95% of respondents value identifying unpublished, signatureless and zero-day vulnerabilities. 54% said increased visibility into security control performance and posture was their primary ROI driver.
  • The cyber skills shortage continues to plague organizations with 48% of respondents indicating they are very concerned, and 43% are somewhat concerned about the skills shortage, amounting to 91% showing concern about staffing.