Most companies have changed their cybersecurity strategy in the past year

According to LogRhythm, companies around the world have experienced a degree of change in the threat environment, evidenced by 95% of companies reporting changes to cybersecurity strategy in the past year.

Strategic shifts within organizations

At the heart of these strategic shifts is the central role of leadership within organizations. The perception of cybersecurity has changed from a purely technical issue to a central pillar of business strategy and governance. 78% say the cybersecurity leader or CEO (or both) is responsible for protecting against and responding to cyber incidents.

“The evolving role of cybersecurity leadership reflects a fundamental shift in the way organizations view and manage cyber risk,” said Andrew Hollister, CISO at LogRhythm. “Today’s threat environment requires a collaborative approach, with senior executives working hand-in-hand with security professionals to understand the risks, make informed, strategic decisions and allocate the necessary resources to protect the organization and its customers.”

Key factors driving changes in cybersecurity strategy include:

• Keeping pace with the changing regulatory landscape (98%)
• The need to meet customer expectations for data protection and privacy (89%)
• The rise of AI-driven threats and solutions (65%)

However, amid the changing tides, effective communication between security teams and non-security managers remains a significant gap. 44% of non-security managers do not understand the legal requirements the company must adhere to.

Additionally, 59% report difficulty explaining the need for specific security solutions to non-security stakeholders, indicating an urgent need for improved reporting mechanisms to navigate the complexity of decision-making in the modern security landscape.

Organizations are increasing their security budgets

Amid security developments, 76% say they have increased their budget to better manage emerging threats, and nearly 8 in 10 say they now have the right tools to protect their business from cyber attacks . Continued positive news: 79% of security professionals now rate their security defenses as good or excellent.

It remains to be seen whether this is overconfidence, especially since security teams are not reporting on key operational metrics that determine whether their security investments and strategy changes are having a measurable impact.

The survey shows that less than half of security teams report time to respond (49%), time to detect (48%) and time to recover (45%).

Even more troubling, 61% of security teams still use manual and time-consuming approaches to share security status information. Security teams must be armed with improved case management metrics and advanced analytics to make informed decisions quickly.

The research examined various facets of cybersecurity, based on insights from a global survey of 1,176 security managers and professionals on five continents.