A survey of 1,155 security and IT professionals in North America, Western Europe and Japan found that despite 90% rating their ability to detect cyberthreats as either excellent (63%) or good (31%), well over half (57%) still experienced a significant cybersecurity breach in 2023.

Conducted by International Data Corporation (IDC) on behalf of Exabeam, a provider of a platform for managing security operations, the survey also found that, on average, respondents are only able to “see” or monitor 66% of their IT environments. More than a third (35%) also cited a need for improved understanding of normal user and entity and peer group behavior within their organization.

Sam Humphries, senior director for international marketing and security strategy at Exabeam, said the survey makes it clear there is a disconnect between the level of protection cybersecurity teams believe they are providing and the number of incidents that are occurring. That level of overconfidence is especially problematic given the lack of visibility IT and cybersecurity teams have into their IT environments, she added.

In fact, despite the number of incidents that occurred last year, the survey respondents said the mean time to detect (79%), investigate (77%), respond (77%) and remediate (72%) all improved last year. Nevertheless, more than half of respondents (53%) have thus far automated 50% or less of their threat detection and incident response workflows, the survey found.

The biggest threat detection and response challenges respondents cited are time-consuming investigations (41%), limited visibility (40%), lack of response knowledge (39%) and lack of automation (39%). On average, respondents estimated well over half (57%) of their teams’ time is spent on threat detection and incident response. Well over a third (36%) also noted they needed third-party assistance to manage threat detection and incident response.

Even in the best of economic times, cybersecurity is a challenge. However, as more organizations lay off workers, including cybersecurity staff, it’s apparent there is a need to automate workflows, noted Humphries. The issue many organizations are encountering is they are being forced to pare down cybersecurity teams before they can automate existing manual workflows.

Naturally, not all organizations are being equally impacted by the global economy and demand for cybersecurity expertise continues to outstrip supply. As such, organizations should be investing more in automation to make up for that shortfall regardless of financial outlook. Unfortunately, when an economic downturn does inevitably occur most organizations are unprepared to address the inherent cybersecurity challenges.

Of course, the cybercriminal syndicates and nation-states that launch cyberattacks have, in comparison, access to unlimited resources. Arguably, an economic downturn makes it easier for them to recruit additional help to launch attacks. The end result is a complex network of interdependencies that makes it difficult to identify the root source of the exploits that are becoming more sophisticated with each passing day.

Ironically, at the same time, adversaries are taking advantage of advances in automation to simultaneously launch attacks faster than defenders can respond in an era where far too many cybersecurity processes are still based on antiquated workflows that advances in artificial intelligence (AI) might one day help automate. In the meantime, however, the odds remain decidedly stacked against IT and cybersecurity teams.