70% of orgs feel 25-100% of Cybersecurity Budget Wasted

Despite 43% of businesses believing their biggest challenge in detecting and remediating threats is an over-abundance of tools

LONDON, UK – 19 July 2022 – A worrying 73.48% of organizations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal. The survey conducted by Gurucul, the leader in security and fraud analytics technology, among 180 attendees at the 2022 RSA Conference was asked what attendees felt were the biggest threats to their security operations and efficiencies

Only 25% of organizations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organization, it seems over 70% saw the biggest cybersecurity challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, we must never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.

The survey also found 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. However, challenges persist with 33.15% of respondents stating that it still takes their organization days and weeks to detect threats, with 6% not being able to detect them at all.

“Given the sophistication and attack-techniques that threat-actors deploy these days, even the ability to detect threats within hours isn’t fast enough, it still gives attackers plenty of time to gain a stable foothold within an organization’s network,” comments Saryu Nayyar, CEO of Gurucul. “While these statistics are alarming, they aren’t surprising. What is worrying, however, is the number of respondents that don’t feel that insider threats can pose a danger to business. Particularly, with cybercriminal groups targeting individuals to recruit in order to help them gain access to networks. Fact is, 98% of companies are vulnerable to insider threats, and not enough is being done to prevent or protect against them.”

According to the study, 33.15% have spent hundreds of thousands of dollars trying to remediate threats and 15.47% said millions of dollars, demonstrating the extent to which organizations are willing to go to protect themselves against malicious actors. It also hints at the fact that many of these chosen solutions potentially don’t deliver the expected results; reflected in 41.99% believing approximately 50-100% of their budget has been wasted on these efforts.

Nayyar continues, “Despite organizations admitting to this, 28.7% are aware that speed is the key to remediating threats. The faster an organization can identify and address new, emerging and unknown threats, the better protected it will be. This goes hand in hand with automation, which would allow organizations to foster 24/7 incident response, even over holiday periods or staff shortages, cultivating a much more robust cybersecurity culture.”

Get your copy of the survey here: https://gurucul.com/resources/whitepapers/security-operations-efficiency-survey

About Gurucul

Gurucul is a global cyber security company that is changing the way organizations protect their most valuable assets, data and information from insider and external threats both on-premises and in the cloud.  Gurucul’s real-time Cloud-native Security Analytics and Operations Platform provides customers with Next-Gen SIEM, Open XDR, UEBA, and Identity & Access Analytics. It combines machine learning behaviour profiling with predictive risk-scoring algorithms to predict, prevent, and detect breaches. Gurucul technology is used by Global 1000 companies and government agencies to fight cybercrimes, IP theft, insider threat and account compromise as well as for log aggregation, compliance and risk-based security orchestration and automation for real-time extended detection and response. The company is based in Los Angeles. To learn more, visit https://gurucul.com/ and follow us on LinkedIn and Twitter.