Companies Suffer Crippling Business Damage During First 24 Hours of IT Outage
November 15, 2021
Share this

Most (83%) companies would suffer business damage during the first 24 hours of an outage and thereafter, according to Pivoting to Risk-Driven Security Operations, a report from Netenrich based on a global survey of IT and security professionals.


The survey also revealed interesting findings and contradictions when it comes to scaling security operations:

■ When looking to upgrade their security posture, 67% focused on tool upgrades yet organizations found that tool integrations (55%), lack of tool expertise (52%) and tool sprawl (41%) were their biggest pain points.

■ While security teams aspire to do more proactive and risk-driven operations, like risk management (37%), incident analysis (34%), threat modeling (29%), they spend most of their time doing foundational and reactive security tasks, like updating patches (43%), researching and analyzing critical incidents (41%) and removing false positives (40%).

Security teams are trapped doing the same thing they have been doing for years — reactive security. They're adding more tools, needing more resources and chasing thousands of alerts while lacking the contextual data and prioritization that's highly needed.

"Organizations fail to shift to a proactive approach that prioritizes security defenses around the most likely, highest business-impacting attack vectors," said John Bambenek, Primary Threat Researcher at Netenrich. "Security teams need to start evaluating business risk based on the likelihood of attack success and mapping that attack success to what it would actually cost the business. Focus on the critical issues that matter most to reduce the attack and outage impact."

The survey finds that companies want to do more threat modeling, incident analysis and risk management, however, very few employ it or even know how:

■ Less than 40% perform threat modeling.

■ Less than half conduct threat modeling on a daily (16%) or weekly basis (31%).

■ Only 30% practice external attack surface management.

"Our industry has taken an IT internal view to security rather than an attack external view of security," adds Bambenek. "Organizations need to shift mindsets, adopt a managed risk, not an IT-based approach. Security operations needs to be data-driven and predictive where continuous threat modeling runs at its core."

Other key findings from the report include:

■ 80% of companies have 30% or less of their IT budget dedicated to security.

■ Companies experienced minimal security budget increases despite growing IT demands as a result of remote work shifts and COVID impact: 19% reported no increases to security budgets, 29% received less than 10% budget and 8% received 50% or more budget increase.

■ Companies looked to MSPs to augment their security operations: 47% rely on managed services to run their ops entirely or in hybrid arrangements.

■ MSPs have an opportunity to expand their services by offering advanced, risk-based security and threat modeling services: only 17% of MSPs are offering threat modeling.

Methodology: Administered by Dimensional Research, a total of 333 qualified global IT and security professionals participated in the survey and carried enterprise security responsibilities at medium to enterprise-sized companies.

Share this

The Latest

April 25, 2024

The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to the Enterprise Cloud Index (ECI) report from Nutanix ...

April 24, 2024

Over the last 20 years Digital Employee Experience has become a necessity for companies committed to digital transformation and improving IT experiences. In fact, by 2025, more than 50% of IT organizations will use digital employee experience to prioritize and measure digital initiative success ...

April 23, 2024

While most companies are now deploying cloud-based technologies, the 2024 Secure Cloud Networking Field Report from Aviatrix found that there is a silent struggle to maximize value from those investments. Many of the challenges organizations have faced over the past several years have evolved, but continue today ...

April 22, 2024

In our latest research, Cisco's The App Attention Index 2023: Beware the Application Generation, 62% of consumers report their expectations for digital experiences are far higher than they were two years ago, and 64% state they are less forgiving of poor digital services than they were just 12 months ago ...

April 19, 2024

In MEAN TIME TO INSIGHT Episode 5, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses the network source of truth ...

April 18, 2024

A vast majority (89%) of organizations have rapidly expanded their technology in the past few years and three quarters (76%) say it's brought with it increased "chaos" that they have to manage, according to Situation Report 2024: Managing Technology Chaos from Software AG ...

April 17, 2024

In 2024 the number one challenge facing IT teams is a lack of skilled workers, and many are turning to automation as an answer, according to IT Trends: 2024 Industry Report ...

April 16, 2024

Organizations are continuing to embrace multicloud environments and cloud-native architectures to enable rapid transformation and deliver secure innovation. However, despite the speed, scale, and agility enabled by these modern cloud ecosystems, organizations are struggling to manage the explosion of data they create, according to The state of observability 2024: Overcoming complexity through AI-driven analytics and automation strategies, a report from Dynatrace ...

April 15, 2024

Organizations recognize the value of observability, but only 10% of them are actually practicing full observability of their applications and infrastructure. This is among the key findings from the recently completed Logz.io 2024 Observability Pulse Survey and Report ...

April 11, 2024

Businesses must adopt a comprehensive Internet Performance Monitoring (IPM) strategy, says Enterprise Management Associates (EMA), a leading IT analyst research firm. This strategy is crucial to bridge the significant observability gap within today's complex IT infrastructures. The recommendation is particularly timely, given that 99% of enterprises are expanding their use of the Internet as a primary connectivity conduit while facing challenges due to the inefficiency of multiple, disjointed monitoring tools, according to Modern Enterprises Must Boost Observability with Internet Performance Monitoring, a new report from EMA and Catchpoint ...