89% of security leaders think traditional security approaches are failing in the face of modern threats

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.

  • 8 months ago Posted in

Vectra AI has released a new report highlighting how today’s organisations are tackling complex, modern cyberthreats. Vectra’s Security Leaders Research Report found that 89% of respondents think traditional approaches don’t protect against modern threats and that ‘the game needs to be changed’ when it comes to dealing with attackers. The report surveyed 200 IT security decision makers working at organisations with more than 1,000 employees in the UK.

The report unearths how security leaders believe legacy tooling and thinking is impeding organisations from protecting against modern threats, and that a new approach is needed to detect and stop attacks that leapfrog current tools. Key findings include:

•76% of security decision makers say they have bought tools that failed to live up to their promise – citing poor integration, failure to detect modern attacks, and lack of visibility as the top three reasons

•69% think they may have been breached and don’t know about it—a third (31%) think this is “likely”

•90% of respondents say recent high-profile attacks have meant the board is starting to take proper notice of cybersecurity

•69% believe cybercriminals are leapfrogging current tools and that security innovation is years behind that of the hackers

•Over half (54%) now invest as much, if not more, on detection as protection, suggesting a positive shift away from prevention-first mentality

Garry Veale, Regional Director, UK & Ireland at Vectra, commented: “Digital transformation is driving change at an ever-increasing pace. Yet companies are not the only ones innovating. Cybercriminals are too. As the threat landscape evolves, traditional defences are increasingly ineffectual. Organisations need modern tools that shine a light into blind spots to deliver visibility from cloud to on premise. They need security leaders who can speak the language of business risk. Boards that are prepared to listen. And a technology strategy based around an understanding that it’s ‘not if but when’ they are breached.”

Security leaders are resigned to the fact that attackers are now one step ahead, with69% of respondents believing that cybercriminals are leapfrogging current tools and that security innovation is years behind that of the hackers.

This may be in part due to legacy thinking around security and a lack of communication between security teams and the board. 58% of respondents think the board is a decade behind when it comes to security discussions, while 82% say the board’s security decisions are influenced by existing relationships with legacy security and IT vendors. A further 68% say it’s hard to communicate the value of security to the board, as it is notoriously difficult to measure. As a result, security leaders are more reliant than ever on their partners in the channel. 86% say they’re grateful to have a channel partner they can trust to guide them, as there are so many vendors all promising to do the same thing.

From GDPR to the Network and Information Security Directive, cybersecurity practices and standards are shaped by regulation. While regulation is crucial in holding organisations accountable, the report found 58% of respondents think legislators aren’t well-equipped enough to make decisions around cybersecurity matters and called for more industry input and collaboration. In addition, 43% of respondents argued that regulators don’t have a strong enough understanding of life “at the coal face” to be writing in laws for cybersecurity professionals.

“With the security landscape rapidly evolving and becoming increasingly complex, more often than not the attackers hold the advantage. This means security leaders must adopt a fresh approach to security that revolves around detection and response, while moving away from prevention-first strategies,” concludes Veale. “This new approach to security can create the right conditions for effective cyber-risk management but in order for the wider security industry to embrace this pro-active culture, there needs to be greater communication and consultation amongst both the board and regulators to ensure all parties are reading from the same script.”


Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and operational cloud services that is unique on the market, enabling clients across the world to meet the challenges of managing their data in the edge to cloud continuum, in line with the highest jurisdictional data governance requirements. Part of the Atos' OneCloud initiative, Atos OneCloud Sovereign Shield is a comprehensive edge to cloud platform ecosystem and highly secure service that improves the level of control clients have over the data they produce and exchange, helping them regain control and effectively deal with legal dependencies.
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets across Europe with further expansion into APAC planned.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.
State of Industrial Cybersecurity report reveals only 21% of organizations achieved full maturity for ICS/OT cybersecurity and regularly inform the C-suite and board about OT cyber status.