Less Than Half Of Companies Detected Threats In the First Hour

A new survey shows that less than half of all organizations are able to detect a major cybersecurity incident within one hour, while less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour.

The data comes from LogRhythm’s annual benchmark survey, Cybersecurity: Perceptions & Practices, which surveyed 751 IT decision makers in the United States, United Kingdom, and Asia-Pacific regions.

“Cyber threats continue to grow in volume and intensity. Seemingly every month, another massive security breach dominates the headlines,” said Matt Winter, VP of Marketing and Business Development at LogRhythm. “To combat these threats, organizations need to carefully plan their budgets and strategies, while developing effective programs that tackle specific threats and keep them one step ahead of cyberattackers.”

While most decision makers—more than 70 percent —have programs in place to detect specific threats, such as ransomware, insider or employee threats, and denial of service attacks, about half believe that a determined hacker could still breach their company’s systems.

And more than one-third have actually experienced a breach in the past year—ranging from 29 percent in the United States to 39 percent in the Asia-Pacific region.

So it’s not surprising that most IT executives (over 60 percent) are not confident that the security software they have in place could detect or stop all major breaches.

The survey also revealed that, on average, companies employ 12 cybersecurity professionals, while more than half of the respondents said that they employ 10 or fewer professionals on their teams. It’s also surprising to find out that the percentage of resources allocated to cybersecurity is usually on the low side — one-third of executives allocate 10 percent or less of their IT budget to security. Regionally, the U.S. had the lowest rate, and Asia-Pacific the highest.

With that in mind, 57 percent of IT executives are moderately comfortable with their companies’ level of security funding, while nearly a quarter said they are not comfortable.