Kroll Launches Detection and Response Maturity Model and Finds 91% of Businesses Overestimate Their Cyber Maturity, Increasing Their Vulnerability to Cyberattacks

  • Data
  • 02.10.2023 02:45 pm

Kroll, the leading independent provider of global risk and financial advisory solutions, has released The State of Cyber Defense Report 2023: Detection and Response Maturity Model, which discovered that 91% of cybersecurity professionals believe that their cyber detection and response processes are “very mature” or “somewhat mature,” yet, in fact, only 4% have mature processes in place. The model places organisations into three different stages of their cyber detection and response maturity journey; the three categories are Novice, Explorer and Trailblazer, which reflect a low, medium and high level of maturity, respectively. The model illustrates that of those surveyed, 23% of businesses are Novices, 73% are Explorers and 4% are Trailblazers.

In the last year, businesses experienced an average of five major security incidents that resulted in data compromise or financial impact. Kroll’s model identified that Trailblazer organisations experience 30% fewer security incidents. Further, 23% of Trailblazer organisations did not experience a single significant data breach in the last year. This, combined with the high cost of a data breach, demonstrates that high cyber maturity could save businesses millions of dollars a year.

When looking at the behaviour of businesses within each group, a perception problem is made evident. Indeed, 43% of those placed in the Novice group feel that their detection and response measures are very mature with no improvement required. Further, organisations in the Trailblazer group are less likely to report that they are very mature (13%) compared to Explorer or Novice organisations. This would indicate that those in the Trailblazer group have a greater awareness of what it means to be cyber mature. 

Mark Nicholls, Chief Research Officer, Cyber Risk, Kroll, commented: “It’s both interesting and concerning that our findings highlight a significant gap between how businesses view their level of cyber maturity and how they approach their cybersecurity in practice.

“It’s also clear that achieving and maintaining long-term cyber resilience is more challenging than expected. Based on the fact that ‘Trailblazer organizations’ are more likely to self-assess as ‘not very’ cyber mature, it would appear that having a healthy dose of ‘cyber cynicism’ is a distinct advantage for organizations seeking to maintain their cyber resilience. Adopting a willingness to question established infosec processes and a drive to review and update tools and solutions with the support of proven security partners is key to improving maturity. 

“Beyond a level of cynicism, businesses also need the right technology in place so that they can see the true scope and profile of the threats they face, including robust detection and response capabilities and an effective MDR solution. With the right tools and a healthy dose of self-awareness, organizations are on the right track towards true cyber maturity.”

Key global findings from The State of Cyber Defense 2023: Detection and Response Maturity Model include: 

  • The perception problem: 91% of cybersecurity professionals self-reported that their cybersecurity practices were “very mature” or “somewhat mature”. However, the analysis shows that only 4% of businesses have mature detection and response practices in place.  
     
  • Trailblazers can expect fewer significant data breaches: 23% of organisations in the Trailblazer group did not experience a single significant data breach that resulted in data loss or financial impact in the last year. This is notably higher than those in the Explorer (4%) and Novice groups (2%). Considering the cost of a data breach, there are considerable financial incentives to becoming a Trailblazer. 
     
  • Insurance is a mature option: Over half (51%) of Trailblazer organisations have cyber insurance, compared to 7% for organisations in the Novice group. 
     
  • Outsourcing is key: Almost eight in 10 (79%) organisations in the Trailblazer group outsource part of their cybersecurity services. This is notably greater than those in the Explorer (52%) or Novice (34%) groups.
     
  • Only the basics are being covered: Worryingly, a fifth of organisations (20%) only have the basics—cybersecurity monitoring—in place. Further, only 3% of organisations have all the recommended detection and response elements in their cybersecurity program. These include crisis management, threat intelligence enrichment, detection engineering and recovery capabilities.
     
  • The differences in trust between Novice and Trailblazer: Security teams generally trust employees to avoid falling victim to a cyberattack (66%) above the accuracy of cybersecurity alerts and the effectiveness of tools. However, when looking at the data through the lens of cyber maturity, Trailblazers trust their employees to avoid a cyberattack the least (54%) and trust the effectiveness of cybersecurity tools the most (69%).
     
The State of Cyber Defense Report 2023: Detection and Response Maturity Model analysed data from a survey of 1,000 senior IT security decision-makers in Q1 2023 at firms with $50 million (mn) to $10 billion (bn) in revenue. The survey was carried out by an independent specialist in market research, Vanson Bourne, and all respondents had some responsibility or knowledge of cybersecurity within their organisation. Respondents were from the U.S., the UK, Ireland, Spain, Italy, Singapore, Hong Kong, Japan and Brazil.

Explore The State of Cyber Defense 2023: Detection and Response Maturity Model and see the interactive model on the Kroll website with data split by revenue, industry and region.
