More than half (53%) of the respondents identified the “need to secure their organization’s entire attack surface” as their top priority, emphasizing external attack surface management solutions as critical elements to securing organizations and preventing attacks.
“A significant part of the lack of visibility is the capabilities of the tools that the organization is using, but another significant portion is either a lack of understanding or a misconfiguration of the organization’s attack surface,” Steffen added. “Constantly changing enterprise environments — from new technologies to updates, new vendors, and third-party connections — also sometimes contribute to the attack surface.”
Additionally, the report found 65% of security teams lacked qualified resources, leading to significant burnout among senior leaders and their team members.
Preferred measures include zero trust, cyberinsurance
Fifty-eight percent of respondents took defensive actions in the form of shifting to (or increasing) zero trust in the last year. According to the report, this was caused by a mix of factors, including increased global tensions and leading nation-state actors, globally distributed devices, and the White House’s new cybersecurity strategy.
A significant number (91%) of the respondents said their organization has cyberinsurance in place, however, over a quarter (27%) do not understand the total obligations of their insurance policy.
This is because the insurance market itself is in flux, with changing standards, claim processes, and policy assessment types, according to Steffen. “According to a recent EMA survey, 75% of ransomware payees reported that paying the ransom resolved all the expected problems, while another 22% and 53% considered paying the ransom as cost and downtime saving respectively.”
