80% of organizations plan to increase spending on cybersecurity posture management
80% of IT and security professionals plan to increase spending on their cybersecurity posture management over the next 12-18 months, according to a Balbix survey. Organizations will put that money toward cyber-risk quantification tools, cloud security posture management and security asset management.
“Protecting company assets from attack is quickly becoming a top priority for the C-suite,” Jon Oltsik, Senior Principal Analyst & ESG Fellow.
Posture management remains one of the least mature areas of cybersecurity
The survey of just under 400 IT and security professionals highlights that posture management remains one of the least mature areas of security. Almost three quarters of respondents surveyed are using manual processes like spreadsheets. Similarly, 70 percent have more than ten security tools to manage their security hygiene and posture. Using manual processes and an extensive number of tools leads organizations to feel overwhelmed. Respondents said they face considerable challenges including:
- Keeping up with the volume of open vulnerabilities
- Automating the process of vulnerability discovery, prioritization, dispatch to owner and mitigation
- Identifying all assets that need to be scanned
Measuring progress through business metrics and outcomes
As organizations mature their security posture, they often look to measure their progress through business metrics and outcomes. Of those surveyed, 36 percent said one of the most important security hygiene and posture management metrics is cyber risk quantification: the ability to calculate cyber risk in monetary terms. Money is a common language that allows everyone involved to make better decisions, from IT and security teams to leadership and the board of directors.
“To overcome the challenges outlined in the survey, it is imperative that companies take the first step to automate their security posture,” said Balbix CEO, Gaurav Banga. “Organizations need to integrate their tools and move away from manual processes to improve visibility and be able to quickly respond to new threats.”