Top concern for 86% of cyber professionals is unknown cyber risks

A report from Critical Start reveals that 86% of cyber professionals consider unknown cyber risks to be a major concern, a 17% increase from the previous year, emphasizing the need for effective threat detection and response. Key findings from the report include: 

• 66% of organizations have limited insight into the company’s cyber risk posture. 
• 65% of executives are worried that the organization’s risk mitigation priorities do not align with its cybersecurity investments. 
• 83% of cyber professionals have dealt with a cyber breach that required attention despite traditional threat detection and response measures. 

Security leaders respond

Chris Morales, Chief Information Security Officer at Netenrich:

“Balancing budget constraints with the increasing costs of cyber incidents is challenging. Cybersecurity is not just a cost center; it is crucial for overall business resilience and trust. Security burnout is a pressing issue, especially for security analysts and managers due to the growing volume of security events, skills shortages, and managing newer threats.

“Leveraging technology to enhance IT and security teams’ capabilities is key to staying ahead of threats within budget limits. A data-driven approach empowers professionals, maximizing existing investments and creating a better work environment for security and operations teams.”

Jason Soroko, Senior Vice President of Product at Sectigo:

“Cyber resiliency focuses on ensuring continuous operations during and after incidents, adapting defenses to evolving threats like advanced persistent threats and ransomware. A thorough risk assessment, a comprehensive resiliency plan, robust security architecture, and a well-defined incident response plan are crucial steps in achieving cyber resiliency.

“Continuous monitoring and real-time systems help detect and respond to incidents swiftly, minimizing operational, financial, and reputational damage.”

Piyush Pandey, CEO at Pathlock:

“Today’s cyber risks are focused on user access, requiring organizations to adjust access policies based on risk tolerance levels. It is important to eliminate access risk by conducting regular access risk assessments and ensuring compliance with access policies.

“Automation of critical tasks can help reduce workload and create a more proactive risk management program. Defining workflows for managing access and monitoring access exceptions in real-time can improve internal resources and reduce dependency on external resources.”