Global survey of security pros finds 87% of organizations impacted by cyber threats they couldn’t detect or neutralize last year
October 2024 by Red Canary
Red Canary released a new report, Security Operations Trends Report, providing insight into critical challenges facing modern cybersecurity teams. Partnering with independent research company Coleman Parkes, Red Canary surveyed 700 security leaders from the US, UK, New Zealand, Australia and the Nordics. The survey findings show that traditional Security Operations Center (SOC) approaches are increasingly unsustainable in addressing modern threats. In the past year, 87% of organizations experienced security incidents that they were unable to detect and neutralize, leading to data compromise, outages, fines, audit failures, and reputational damage.
The report highlights the growing pressure on SOC teams and the impact on organizational risk:
Complexity is increasing: 73% say their attack surface has widened by 77% in the past two years, and 64% struggle with knowledge gaps when it comes to securing new technologies.
The risk of new technologies: 62% say AI adoption has made security more difficult, while all respondents face cloud security challenges.
Threats are rising faster than detection capabilities: 77% of respondents say adversaries are moving through intrusion chains more quickly, yet 85% admit their detection deficit (the time between detection and resolution) has stayed the same or worsened over the past year.
Tool overload and alert fatigue limit teams from being proactive: Security teams, on average, use over 90 security tools, yet 60% report "too much noise and too many security alerts" to manage effectively. Teams spend twice as much time on operational tasks as opposed to cyber readiness.
Skills shortages: 83% say hiring and retaining skilled security professionals continues to be increasingly difficult, with 62% facing high employee churn due to overwork and stress.
"Expecting cybersecurity teams to understand every new risk has always been a challenge in the industry. Why would we expect that to change now, especially when the threat landscape is evolving faster than ever? It’s simply unrealistic. The scale of risks facing the business today is unprecedented, and traditional security approaches are failing," said Brian Beyer, CEO & Co-founder of Red Canary. "For too long, companies have tried to tackle this escalating problem by throwing more money, tools, and people at it. But with technology advancing at breakneck speed for both defenders and adversaries, cybersecurity teams are drowning, unable to keep up. It’s time for a new approach—one that involves strategic partnership and expert detection engineering to truly alleviate the burden and build defenses that actually work."
SOC teams hindered from acting on intelligence
While 78% of security leaders believe that a more intelligence-led security program equipped with real-time insight would help them to focus on the most critical issues faster, 66% say it’s really difficult and time-consuming to turn threat intelligence into actionable steps. This leaves many teams stuck in reactive mode, unable to effectively address risks before they escalate.
Key challenges highlighted include:
Budgets alone aren’t enough: While 63% of security leaders saw a budget increase in the past year, only 37% felt it was enough to secure their business. This issue is compounded as 62% say that continued investment in developer speed is putting their business at risk.
Keeping up with compliance: To stretch resources even further, 46% say they have been too busy managing audits and ensuring regulatory compliance, with little time to focus on security training and fire drills.
Security as an afterthought: 63% say their security team is often brought in too late, acting as the "clean-up crew" rather than helping from the start to ensure environments are secure by design.
These issues are prompting a shift in how SOCs are managed, with more organizations adopting a hybrid model of security operations. By partnering with managed services, businesses can expand their teams and close the gaps in skills and expertise. On average, security teams are now 40% in-house and 60% outsourced.
"This survey found that nearly 80% of threats come from commonly used technologies, which is both astounding and so unnecessary," said Beyer. "Protecting the entire enterprise is becoming more complex, and simultaneously, their budgets remain fixed with limited resources. Security teams have more data than ever, but they need help sorting through it to understand how attackers operate and improve their security. That’s where a trusted partner can help."
Methodology
This research was conducted by Coleman Parkes as an online survey of individuals with decision-making responsibility on data tooling for cybersecurity solutions. Coleman Parkes surveyed 300 respondents in the US, 200 in the UK, 100 in Australia, and 100 in the Nordics from a cross-section of organizations with more than 1,000 employees.