Trust in an organization's ability to stop a cyberattack was analyzed in a recent report by Kroll. The report findings reveal that 37% of senior security decision-makers “completely” trust that their organization is protected and can successfully defend against all cyberattacks, despite organizations experiencing an average of five major security incidents in the last year.

The correlation between the number of security tools and the number of security incidents suggests that trusting security tools alone is misguided, and security teams may not fully understand the threats they face. Further, despite the number of security tools deployed, 24% have a managed detection and response (MDR) or managed security service provider (MSSP) solution. 

Key global findings include:

  • Over a third (42%) of information security decision-makers reported a lack of trust as their biggest challenge, and 95% information security decision-makers do not feel as though senior leadership trusts their security teams to protect their organizations from threats.
  • Trust in employees to stop a cyberattack (66%) is ranked higher than the ability of the security team to identify and prioritize security gaps (63%), the accuracy of data alerts (59%), the effectiveness of cybersecurity tools and technologies (56%) and the accuracy of threat intelligence data (56%).
  • The higher the average number of platforms used, the more cybersecurity incidents organizations have experienced. The number of incidents and the fact that 24% have MDR show that having the right tools, and not the number of tools, is an important factor in cyber protection.
  • A lack of communication is the most frequent cause for a loss of trust, as reported by 47% of information security decision-makers: Almost all (97%) reported that they do not have complete trust across all aspects of their organization.
  • An overwhelming majority (98%) agree there is a cost to a lack of trust in the workplace, with more complexity being the greatest perceived consequence (37%) globally.
  • 23% of businesses have cybersecurity insurance. Twenty percent of IT and security professionals who say that their security operations are cyber mature have cyber insurance.
  • 98% of those that do not already outsource their cybersecurity services have (or are considering) plans to do so, with 51% intending to do so in the next 12 months. However, 89% of IT and security decision-makers say improvement is needed in the transparency between their security teams and security vendors.