The disparate technologies that enterprises use to secure their IT infrastructures don’t provide a complete, real-time view of cybersecurity risk, a Forrester survey reveals. The research also shows that the abundance of deployed tools leads to a false sense of confidence.
64% of companies are making it a high priority to implement a risk framework aligning cybersecurity risk and enterprise risk, according to the survey of 250 senior security decision-makers. Most companies use multiple technologies to identify and mitigate enterprise risk, including security analytics; vulnerability management; governance, risk, and compliance (GRC); and vendor risk management platforms.
“Increasing the number of security technologies doesn’t translate to improved security, however … The abundance of technology investments gives firms a false sense of confidence in their security posture,” the report says.
Almost every respondent reported challenges with existing tools, including manual reporting, an incomplete view of asset inventory and controls, and the insufficient visibility inherent to point-in-time solutions.
Asked to name the technologies used to identify and understand enterprise risk, respondents said:
- Security and analytics platform (83%)
- Security information and event management (SIEM) technology (80%)
- Vulnerability management technology (70%)
- Governance, risk and compliance (GRC) platform (64%)
- Vendor risk management technology (61%)
- Third-party risk intelligence feeds (57%)
While companies report confidence in their security management efforts, their challenges paint a different picture.
86% are confident they have no gaps in the disparate security controls deployed across devices, applications, people and data. And 78% say they take a centralized approach to risk management across their organizations.