SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
LogRhythm releases state of security team report for 2022
Tue, 20th Dec 2022

LogRhythm has announced the release of its report, 'The State of the Security Team 2022: Can Security Teams Meet Stakeholders Requirements?'.

The research, which involved 260 APAC respondents as part of a worldwide study of 1,175 security professionals, looked into the current landscape of security solution capabilities, deployment strategies, gaps and the value of tool consolidation.

The research finds that there has been a significant improvement in leadership teams understanding of the importance of cybersecurity; and stronger alignment between executive leadership and their security teams.

As a whole, APAC businesses have a stronger cybersecurity posture compared to the global average, when it comes to implementing effective cybersecurity solutions, having a real-time, consolidated view of their security solutions, and having enough executive support.

Leadership buy-in increases significantly

Respondents overwhelmingly indicated that customers and partners are demanding higher standards, highlighting that security has evolved beyond internal consideration.

Overall, 93% of APAC businesses reported that their company's security strategy and practices must now align to customers' security policies and standards. Partners also exert a new level of due diligence, with 88% of APAC respondents sharing that their company must provide proof of meeting partners' security requirements.

In this landscape, the researchers state that cybersecurity has thus become a make-or-break factor for business growth, with 73% of professionals having lost a deal due to the customers lack of confidence in their company's security strategy.

The direct impact of cybersecurity preparedness has significantly boosted executive buy-in, with 83% of global respondents (88% in APAC) now receiving enough support around budget, strategic vision and buy-in, suggesting an improvement in understanding between executive leadership and their security teams.

This is a marked improvement from LogRhythm's initial report in 2020, where the same figure stood at 43%. In addition, almost all (94%) security teams in APAC have provided reports directly to their CEO, with regards to security matters such as incident explanation or issue resolution, higher than the global figure (88%).

Joanne Wong, Vice President, International Markets of LogRhythm, comments, "Cybersecurity is increasingly a business imperative in APAC, given the growing complexity and severity of cyberattacks facing organisations in the region. Having executive leadership buy-in on cybersecurity investments will play a crucial role in building a strong cybersecurity posture, to help businesses confidently navigate the challenges in an ever-evolving threat landscape."

Talent crunch remains a key challenge

APAC saw one of the largest cybersecurity talent gaps worldwide in 2022, with 60% of organisations in the region reporting a shortage in their cybersecurity workforce.

The growing cybersecurity talent shortage, combined with employee turnovers, mean that security teams are feeling the pinch, the researchers state. Consequently, 79% of APAC respondents, regardless of their role, agreed that employee turnover reduces the effectiveness of their security teams.

The research also found that work-related stress became prevalent for APAC security teams in the last two years, with 67% reporting an increase in work-related stress levels, indicating many companies may be trying to do more with less, amidst budget constraints.

The leading stressors for APAC security teams include increased regulations, retaining security resources and talent, as well as lack of cybersecurity expertise among team members.

When asked what would help alleviate their stress, hiring of more experienced security team members and increased security budget came out on top. Despite this, the research highlighted that the region has seen a higher rate of employer satisfaction, with up to 94% of company executives happy with the security teams performance in the last 18 months, 7% higher than the global average.

Many companies using overlapping solutions

Notably, the research found that close to 9 in 10 (87%) of APAC companies have an increasing trend of overlapping security solutions. With half of this overlap being accidental, security teams face additional work to deploy and maintain duplicative tools, which can be particularly frustrating as these efforts won't necessarily yield better security defences or improve response times.

With the talent crunch in cybersecurity set to persist for years to come, streamlining and enabling greater efficiency across solutions will be a key strategy for companies looking to mitigate the cyber risks brought about by a shortage of manpower, the researchers state.

Indeed, when security experts were asked directly about the benefits of integrated security tools, they responded with faster security issue notification, identification, and resolution, delivering an overall improved security posture.

In short, consolidated security tools lead to faster issue detection, identification, and resolution, yielding improved security posture. The risks associated with the talent crunch in cybersecurity is compounded by the increasing complexity of cyber threats globally, and the proliferation of threat actors.

In this landscape, executives need to pay more attention to the priorities of frontline security professionals, and focus on consolidation, training, and staff retention, as well as ensure that teams are armed with the appropriate resources to meet both external stakeholder and regulatory compliance requirements, the researchers state.