According to Foundry's 2022 Security Priorities Study, which surveyed nearly 900 security leaders around the world, 90% think their organization is not doing enough to address cybersecurity risks.
The growing problem companies face today is that technology threats are evolving too fast for cybersecurity staff to keep pace. Combine this with the fact that many companies are short-staffed in their cybersecurity departments, and many businesses find themselves highly vulnerable to cyberattacks.
"If you're short-staffed, you can't have someone looking at every alert," said Bob Bragdon, SVP and managing director of Foundry's CSO Worldwide.
When it comes to keeping up with security threats when faced with these shortages, 45% of IT executives rely on existing staff taking on more responsibilities, while 45% use automation technology and 42% outsource their security functions.
Security professionals surveyed by Foundry agreed that automation is a key tool for improving incident responses and maintaining skilled security staff. For example, 34% of companies are looking into SOAR (Security Orchestration, Automation, and Response) technology, which combines human and machine power to address incident reports.
Employee mistakes remain a leading factor behind IT security scares, Foundry found: 34% of respondents said non-malicious user error was the top cause of cybersecurity incidents, although this was down from 44% in 2021. This factor was followed by third-party security vulnerabilities (28%), unpatched software vulnerabilities (26%), and software supply chain breaches, which accounted for 17% of incidents.
Security leaders have difficulty convincing all or parts of their organization of the severity of cybersecurity risks, and are struggling to find and keep the right security staff to keep their organization secure.
In addition, security leaders report that their organization is failing to invest enough into technology, people or budget to properly address security risks, and that security is often an afterthought during application development. Cybersecurity training is also lacking across all levels of staff, the report found.
When it comes to allocating money to cybersecurity, larger enterprises spend about $122 million and smaller businesses spend about $16 million, with the average annual security budget coming in at $65 million, according to Foundry.
Looking to the future, 51% of respondents said endpoint security protections for laptops, desktops, and servers are currently in the works to prevent future security risks. Security awareness training is on the agenda as well, with 46% of respondents planning to invest more in training.
More than a fifth (22%) of security leaders plan to upgrade their existing technology, including better multi-factor authentication, while 21% plan to upgrade data backup and recovery technologies.
Meanwhile, 32% are researching zero-trust technologies, an approach to IT systems where a network does not automatically trust a device just because it's used internally. Over 20% of businesses expect to implement zero-trust technologies, compared to 13% last year, Foundry found.