2024-09-27
By Kevin Pierce

The number of data breaches in the first half of 2024 is already 14% higher than 2023, with over a billion victims so far—a 490% increase from last year.

But if the attack landscape looks so threatening, why are 74% of security professionals still confident in their ability to detect and respond to cyberattacks in real time? What’s more startling: Confidence rises the closer you get to the corner office. Eighty-one percent of C-suite security leaders report a high degree of faith in their current cyber posture compared with only 66% of their frontline security managers. This disconnect leads to a fundamental misunderstanding of cyber risk, significantly increasing the chance of a successful attack.

UNDERESTIMATING RISK IN AN UNSTABLE THREAT ENVIRONMENT

Today’s threat environment is riskier than ever due to attacks driven by artificial intelligence (AI). In fact, 55% of companies report modern cybercriminals are now more advanced than their internal teams. Despite this sobering fact, the corner office still underestimates the intensity of threats against their organization. Half of frontline security managers say cyberattacks increased in frequency (55%) and severity (50%) in the past year, compared to just 33% and 38% of C-level security leaders, respectively. Additionally, C-level security leaders are overconfident in their organization’s ability to respond quickly when they are inevitably attacked. Forty-two percent of C-suite leaders say it takes their team three days or less to recognize and respond to a cyberattack. However, only 18% of frontline security managers say they could respond within three days.

There’s also a disconnect around the impact of false positives. Thirteen percent of C-level cyber leaders say their team was late to respond to a cyberattack because it was dealing with a false positive—yet 42% of frontline security managers say that’s their reality. Further, 36% of cyber executives say their team spends more than three hours each week dealing with false positives, as opposed to 71% of managers. And the ultimate disconnect between the C-suite and frontlines: 74% of corner office security leaders rate their cyber defense as mature, compared with only 29% of managers. Overconfidence in capabilities and underestimation of risk is a dangerous combination.

THE IMPACT OF UNDERREPORTING

As noted, the rate of reported cyber breaches is exploding. And that’s reported incidents. Why is that important? Because 58% of frontline managers report that they personally, or someone on their team, have intentionally not reported a cyber incident out of fear of losing their job. With security teams today being overworked and underfunded, it’s easy to miss things. But a corporate culture in which reporting is discouraged only reinforces the C-suite’s overconfidence: they’re simply not hearing about what’s going wrong in their own companies, and they are underappreciating the actual level of risk in today’s business environment.

3 WAYS TO BREAK THE OVERCONFIDENCE CYCLE

C-level security leaders can take the following three actions today to get a more accurate picture of their organization’s cyber posture and risk.

1. Challenge Cyber Posture Overconfidence

The first step is to open communication with frontline security team members to better understand their daily challenges. By understanding, for example, how much time they spend each week dealing with false positives or what they need to respond to an attack quickly and effectively, security leaders can create more impactful strategies and ensure that teams are equipped with the resources and tools needed to defend the organization.

2. Empower Frontline Managers With The Right Technology

With the severity and frequency of attacks increasing, cyber teams need more technology—period. Generative AI (GenAI) is one tool that can help increase security efficiency and impact. Security teams can use GenAI to manage alert fatigue, close the talent shortage and skills gap, and help reduce human error. They can also use GenAI to simulate a wide range of cyber threats, identify vulnerabilities, and become more prepared to respond. Ultimately, security teams that use AI see an average cost savings of $2.22 million, according to IBM.

3. Create A Culture Of Transparency From The Top Down