Most companies changed their cybersecurity strategy in the past year – Help Net Security

Businesses worldwide have faced a rate of change in the threat environment, as evidenced by 95% of companies reporting cybersecurity strategy adjustments within just the past year, according to LogRhythm.

At the heart of these strategic shifts is the central role of leadership within organizations. The perception of cybersecurity has changed from a purely technical issue to a central pillar of business strategy and corporate governance, with 78% stating that the cybersecurity leader or CEO—or both—are responsible for protecting against and responding to cyber incidents.

“The evolving role of cybersecurity leadership reflects a fundamental shift in how organizations view and manage cyber risk,” said Andrew Hollister, CISO at LogRhythm. “Today’s threat environment demands a collaborative approach, with senior executives working hand-in-hand with security professionals to understand the risks, make well-informed, strategic decisions, and allocate the necessary resources to safeguard the organization and its clients.”

However, amid the shifting tides, effective communication between security teams and non-security executives remains a significant gap. 44% of non-security executives don’t understand the regulatory requirements that the company must adhere to.

Additionally, 59% report difficulties explaining the necessity of specific security solutions to non-security stakeholders, indicating a pressing need for enhanced reporting mechanisms to navigate the complexities of decision-making in the modern security landscape.

Amid the security evolution, 76% say they have experienced increases to their budget to better manage emerging threats, and nearly 8 in 10 say they now have the right resources to defend their company from cyberattacks. In further positive news, 79% of security professionals now rate their security defense as either good or excellent.

It remains to be seen whether this is overconfidence, especially since security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact.

The research found that fewer than half of security teams are reporting on time to respond (49%), time to detect (48%), and time to recover (45%).

Even more concerning, 61% of security teams are still using manual and time-intensive approaches to share security status information. Security teams need to be armed with enhanced case management metrics and advanced analytics to make informed decisions quickly.

The research examined several facets of cybersecurity, drawing on insights from a global survey of 1,176 security executives and professionals across five continents.