"Control Failures Are the Primary Reason for Most Data Breaches"

Panaseer has released the third edition of its Security Leaders Peer Report, which examines the concerns and constraints that CISOs and other senior cybersecurity leaders face in the US and the UK. According to Censuswide's survey of more than 800 respondents from large organizations, the failure of controls expected to be in place is the primary reason for data breaches, and 79 percent of enterprises have experienced cyber incidents that could have been avoided with existing safeguards. Therefore, while most breaches are preventable, they continue to occur, and security leaders are becoming increasingly frustrated. In addition, the report explores how the high-pressure environment in which security professionals work affects them personally. Many respondents stated that the inability to continuously measure enterprise-wide security posture and identify control failures is the root cause of their frustrations. Incidents that an expected control should have stopped were closely followed, with 68 percent frustrated by the inability to stop preventable breaches. Respondents also cited data and tooling issues as a greater motivator for security team resignations than higher pay and more seniority. Only 44 percent of organizations are extremely confident in their ability to continuously measure their control gaps. Respondents cited a lack of internal resources (39 percent), an inability to demonstrate remediation (38 percent), ineffective tooling (34 percent), and poor control failure visibility (34 percent), as reasons for their lack of confidence. However, 82 percent believe that monitoring and addressing expected control failure and risk would have a greater impact on their security posture than purchasing additional tools. This is especially important given the issue of tool sprawl. The two previous reports found that organizations often use more than 75 or even 100 security tools. This article continues to discuss key findings from Panaseer's third edition of its Security Leaders Peer Report.

Continuity Central reports "Control Failures Are the Primary Reason for Most Data Breaches"