With a steady increase in cyberattacks each year and a constantly evolving threat landscape, more organizations are turning their attention to building long-term cyber resilience: the ability of the workforce to adapt to, respond to, and recover from cybersecurity incidents, not merely the ability to detect and prevent them. To learn more about the state of cyber resilience, we surveyed senior security and risk leaders and found that cyber resilience indeed tops their list of strategic and spending priorities for organizations, driven largely by concerns about ransomware, supply chain and third-party attacks, and coding vulnerabilities.
While a majority of these leaders have cyber resilience programs in place, they are falling short and failing to prove teams’ real-world cyber capabilities. Half of organizations are not prepared for any kind of cyberattack and current confidence levels in cyber resilience are low. And although confidence in technical teams for cyber resilience is much higher than for the general workforce, many organizations continue to rely on ineffective and ad hoc methods for building cybersecurity competence and assessing resilience.
Key Findings:
- Cyber resilience tops the list of strategic priorities for organizations: It is the highest-ranked strategic priority and spending priority in 2023.
- The threat of cyberattacks and vulnerabilities is driving these priorities: Ransomware, supply chain risks, and vulnerabilities are chief among security leaders’ concerns.
- Current cyber resilience programs are falling short: Half of organizations are flying blind across a wide range of cybersecurity indicators despite having cyber resilience programs in place.
- Organizations have a questionable reliance on industry certifications, classroom training, and ad hoc learning pathways.
  - While almost all organizations encourage industry certifications, only 32% say they are effective at mitigating cyberthreats.
  - Classroom training is offered too infrequently to be effective. Many rely on ad hoc and reactive learning pathways for cybersecurity team members to get up to speed on the latest vulnerabilities. None of these approaches work at the speed of cyber.
A commissioned study conducted by Osterman Research, May 2023
Published: May 17, 2023