A recent study conducted by Exabeam and the International Data Corporation (IDC) has revealed that 57% of companies experienced significant security incidents requiring extra remedial resources in the past year, due to program gaps caused by overloaded security teams lacking the necessary automated threat detection, investigation, and response (TDIR) resources.
Incidents of security violations were highest in North America (66%), followed closely by Western Europe (65%) and then Asia Pacific and Japan (APJ) (34%). The research, conducted by IDC on behalf of Exabeam, gleaned insights from 1,155 security and IT professionals across the three regions.
Exabeam's report illuminated a stark chasm between apparent security measures and reality. Despite 57% of the surveyed organisations having reported major security breaches, over 70% of them reported better performance on cybersecurity key performance indicators (KPIs) in 2023 than 2022. Furthermore, more than 90% of organisations believe they have a good or excellent ability to detect cyber threats.
Steve Moore, Exabeam Chief Security Strategist and Co-founder of the Exabeam TEN18 cybersecurity research and insights group, stated, "Looking at the lack of automation and inconsistencies in many TDIR workflows, it makes sense that even when security teams feel they have what they need, there is still room to improve efficiency and velocity of defence operations."
Globally, organisations report that they can only monitor 66% of their IT environments, leaving numerous blind spots, particularly in the cloud. Without full visibility, organisations' defences have potential blind spots against advances in those unseen environments. APJ, despite having the lowest number of security violations, reports the least visibility at 62%, which suggests that these teams may be underreporting incidents as a result.
When it comes to automating TDIR, which typifies the prevailing workflow of security operations teams, more than half (53%) of organisations worldwide have automated 50% or less of their TDIR workflow. This has major implications for the amount of time spent on TDIR (57%).
The study also highlighted what organisations need in future. Asked where they required the most assistance with TDIR management, 36% of organisations expressed a requirement for third-party help, underlining a growing opportunity for the incorporation of automation and AI-driven security tools. An additional 35% showed a need for improved comprehension of normal user and peer group behaviour within their organisation, indicating a demand for TDIR solutions equipped with user and entity behaviour analytics (UEBA) functionality.
"We expect the market demand for security solutions that leverage AI to continue in 2024 and beyond", added Moore. "Because AI-driven automation can aid in improving metrics and team morale, we’re already seeing increased demand to build even more AI-powered features."