THE STATE OF THE SECURITY TEAM

Are executives the problem?

Table of contents
Welcome letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Executive summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Key findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

The stress level of the security team increases when executive support is lacking . . . . . . . . . . . 6

5 ways to reduce stress on security leaders and teams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Security professionals lack critical tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Deployment of redundant security tools points to lack of strategic oversight . . . . . . . . . . . . . . . . . 13

Consolidated security solutions would make life easier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

About LogRhythm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

About Dimensional Research . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19


The state of the security team:
Are executives the problem?
A global survey of security professionals and executives
Welcome letter
When you look at the state of the security
industry, there is a constant barrage of bad news.
Nonstop breaches, more data records stolen
than ever and continuously evolving threats and
attack surfaces. And as the profession struggles
with a shortage of properly trained workers,
the demand of work on skilled professionals
continues to increase. Cybersecurity pros
cannot catch a break. Some recent studies
are beginning to tell the story of how stressed
security teams actually are — and how that stress
is impacting their mental health.
The stress level of cybersecurity professionals
is not surprising, and those stressors are not
going away anytime soon. What is surprising is
no one is looking at how to alleviate that stress,
troubleshooting the day-to-day challenges they
deal with (often in overlapping tools that don’t talk
to one another) and how company leaders can
better support them with proper tools, processes,
and strategic guidance.
Now, more than ever, security teams are being
expected to do more with less. Most of the
workforce is still remote, broadening the attack
surface and making security at scale a critical
concern. As a result, we feel this research could
not have come at a better time.
The results were surprising in that the challenges
security professionals find most problematic are
not incredibly complex. Security teams want to
feel that the executives in the corner offices have
their backs and understand the value of security
to the business. In fact, many times you can tell
The state of the security team
how a business does prioritise security by where
the CSO is positioned within the company — if
the company has one at all. Security should be
a business led, executive led, well-understood,
and valued program. But many times, security
teams are just trying to do the best they can
or what they feel is the right thing, without the
company leadership behind them.
In addition, security teams want their peers to
understand how important security is in order
to safeguard the company’s critical assets,
ultimately contributing back to the core business
in doing so. All employees, from the CEO to
the frontline IT worker, need to feel they play a
significant role in maintaining the security of the
company for which they work and, at the end of
the day, the board and the executive team need
to relay that message from the top.
Working in security can feel like you’re sitting on
top of a powder keg that could explode at any
time. If a team lacks executive support, strategy,
leadership, or resources, it can feel like there
is no way to truly make an impact — and that
stress can eat away at a team, leading to burnout,
depression, and worse. We hope the information
this report provides helps to open a conversation
to strengthen the support of security teams, from
the board, to the executive team, and the entire
organisation.
Sincerely,
James Carder
CSO and VP of LogRhythm Labs
Welcome letter | 3
 The state of the security team

Executive summary
Amid a slew of statistics on how job stress is impacting security
professionals, we sought to learn the causes of the tension and anxiety — as
well understand potential ways teams might alleviate and remediate the
potential of job burnout. Our global survey of security professionals and
executives further investigated the tools those security professionals use to
understand solution capabilities, deployment strategies, technology gaps,
and the value of tool consolidation. In this report, we explore some of the
key findings from our survey.

4 | Chapter Title

Key findings
Security teams’ stress increases due to poor executive leadership.
75%
state they have more
work stress now than
just two years ago.
Lack of time and executive
interaction tops the causes
of stress.
Security teams lack the tools they
need for known gaps and threats.
92 per cent state they need preventative
solutions to close current security gaps.
93 per cent admit they lack the tools to detect
known security threats.
Only 32 per cent of security teams have a
single place to visualise real-time threats.
Security tool consolidation
provides many benefits.
The state of the security team
57%
state their security
program lacks proper
executive support.
Lack of executive
accountability leads the
reasons that security
professionals want to leave
their jobs.
Security tools with gaps and
overlaps indicate there is a strong
value in technology consolidation.
68 per cent acknowledge they have
overlapping security solutions.
56 per cent admit security solution overlap
is unplanned.
So while security teams are feeling the burden
of protecting the organisation without the
executive support they need and the ample time
to do their jobs well, they are also managing
disparate, overlapping tools — a huge time
suck — that could prevent them from doing their
jobs more effectively.
Next, we will dig into the survey responses
to gain a better understanding of the issues
causing increased stress on security teams.
Key findings | 5
The state of the security team
The stress level of the security team
increases when executive support is
lacking
Those in the security space have been seeing
more and more reports of the heightened
stress on the security operations centre (SOC)
and the analysts and managers who run it.
It is no surprise that a whopping 75 per cent
of security professionals say they have more
work stress now than they did just two years
ago. There are many reasons that might factor
into this rapid increase of pressure on the
SOC team — including evolving threats, digital
transformation, rapidly increasing data and
changing environments, inadequate security
solutions, and under-trained and under-skilled
team members. But what may come as a
surprise are the two primary causes for this
increase:
1) lack of time, and
2) executive interactions.
When asked whether their security program
has enough executive support — specifically, do
you have enough budget, does the executive
team provide a strategic vision for security,
and do you feel as though you have the buy-in
you need for your program — more than half
the respondents said they do not feel like the
support is significant.
 The state of the security team

In your opinion, does the security program have enough executive

support (budget, strategic vision, buy-in)?

Yes
43%
No
57%

Figure 1. 57 Per cent state their security program lacks proper executive support

Which of the following has had you consider leaving your job?

Executives not held accountable for strategic security decisions 42 %

Too much job stress 40 %

Excessive work after hours fighting security emergencies 32 %

Security team members not held accountable 25 %

Nothing has me thinking about leaving my job 22 %

Inadequate security tools (gaps, poor quality, etc.) 21 %

Too many security tools 9%

Figure 2. Lack of executive accountability leads reasons security pros want to quit

The explicit finding that executives are part
of the problem grows as more than half of
security professionals state their security
program suffers for a lack of executive support.
In fact, executive accountability, or lack thereof,
is the primary reason security professionals
want to leave their current job. When asked
what would help alleviate their stress,
executive support was in the top five, with the
remaining four items directly controlled by
executives, such as a cooperative environment
and properly skilled and staffed security teams
with the needed budget.

The stress level of the security team increases when executive support is lacking | 7
 The state of the security team

5 ways to reduce stress on security

leaders and teams
It is no surprise that stress is increasing for those who are responsible for their company’s security
and reputation. From the survey responses, we found five leading factors that stood out as avenues to
help SOC teams reduce stress:

Increased security
budget (both to
fund security tools/ More experienced
team members
solutions and
headcount growth) 1 2

5 3
4
Help from other
Support from the
departments to comply
executive team
with security mandates

Fully staffed security team to

reduce lingering open headcount

8 | 5 ways to reduce stress on security leaders and teams

 The state of the security team

When asked what would help alleviate their
stress, increasing the security budget was the
most commonly selected answer. When later
asked what this budget would go towards,
58 per cent of respondents said they needed
increased funding for tools, and 47 per cent
of respondents said they need to grow the
security team. These points lead back to why
executive support is so critical to a security
program. Without it — and the budgetary
support that goes with it — the team is unable
to keep up with the burden of securing the
organisation’s data.

In your opinion, what additional support does your security program require?

Increased funding for tools 58 %

Help getting other departments to comply with security requirements 49 %

Increased security team size 47 %

Clear strategic vision 42 %

Executive buy-in 34 %

Our security program does not require any additional support 1%

Figure 3. Security teams need better tools and cooperation from other departments

The factors “A need for more experienced a clear understanding of what is important
team members” — harkening back to the to the business, especially if budgets remain
shortage of experienced and skilled security separate.
professionals — and “better cooperation from
A supportive executive team was selected by
other IT teams” tied for the second most
41 per cent of respondents, and a fully staffed
commonly selected way to reduce stress.
security team was selected by 39 per cent with
Security is often a change agent for IT teams,
the majority of respondents indicating they are
and at times, IT can be resistant to change,
currently trying to fill three or more security
resulting in friction. Forty-nine per cent of
roles (Figure 4). This points to a further need
respondents further indicated they need help
for enterprise security leaders to make their
getting other departments to comply with
teams feel supported in order to keep their
security requirements (Figure 3). Ultimately, it’s
current talent.
critical for security teams to develop a strong
partnership and alignment with IT teams with

5 ways to reduce stress on security leaders and teams | 9

The state of the security team

Which of the following would help to reduce stress at your company?

Increased security budget 44%

Experienced security team members 42%
Better cooperation from other IT teams 42%
Supportive executive team 41%
Fully staffed security team 39%
More integrated security solutions 34%
More time 33%
Comprehensive security dashboard 31%
Fewer new types of attacks (less innovation by hackers) 21%
Decreasing attack frequency 18%
Diminished breach repercussions (less blame) 15%

Figure 4. Better executive leadership would reduce stress with an improved work environment and budget

Places two and five in the shortlist (the need
for more experienced team members and
a fully staffed team, respectively) point to
another commonly known issue in the security
space — finding and retaining talented team
members. According to recent research
from Varonis, it’s estimated that the number
of unfilled cybersecurity positions will grow
to a staggering 3.5 million by 20211. While
budgetary support is important, being able
to offer competitive pay and a lower-stress
workplace will be important for retaining the
talent a team does hire.

How many security positions is your company currently trying to fill?

25% 26%

16% 15%
12%

6%

None 1 2 3-5 6-10 > 10

Figure 5. Nearly half of companies are trying to hire three or more security professionals

1
https://www.varonis.com/blog/cybersecurity-skills-shortage/

10 | 5 ways to reduce stress on security leaders and teams

 The state of the security team

Security professionals lack

critical tools
Amidst the cultural and leadership problems, nine out of 10 companies
admit to lacking necessary detection and prevention solutions for known
security gaps and threats. Just one in three companies have a real-time
security dashboard. The top item needed to improve security is an increased
tool budget, perhaps hearkening back to the unsatisfactory support from the
executive team.

Security professionals lack critical tools | 11

 The state of the security team

Which types of preventative security solutions does your company currently

need to address current gaps?

Identity and access management (IAM) 44%

Data loss prevention (DLP) 43%
Web security (filtering) 39%
Distributed denial of service (DDoS) mitigation 38%
Firewalls 37%
Network segmentation solutions 35%
Antivirus and antimalware solutions 34%
We don’t need prevention focused security solutions to address gaps 8%

Figure 6. Ninety-two per cent state they need preventative solutions to close current security gaps

Which types of detection-focused security solutions does your company

currently need to address current gaps?
Security information and event management (SIEM) 41%
Intrusion systems (IDS, IPS, etc.) 39%
Network traffic analytics (NTA) 39%
User and entity behaviour analytics (UEBA) 39%
Network detection and response (NDR) 35%
Security orchestration, automation and response (SOAR) 35%
We don’t need detection focused security solutions to address gaps 7%

Figure 7. Ninety-three per cent admit they lack the tools they need to detect known security threats

Does your security team

Yes
currently have a real-time, 32%
consolidated view (dashboard)
of all your security solutions?
No
68%

Figure 8. Only 32 per cent of companies have a real-time

security dashboard

12 | Security professionals lack critical tools

 The state of the security team

Deployment of redundant
security tools points to lack
of strategic oversight
And while the overwhelming majority said that the technology in their
SOC is lacking, most respondents also shared they have overlapping
security solutions deployed. When security analysts manage security
operations via overlapping tools, they are wasting valuable time in their
day updating, patching, maintaining, and operating more solutions than are
necessary (not having enough time in the day being the number one pain
point for this group). This can lead to teams spending more time administering
the tools instead of using them for their intended purpose of detecting
and responding to threats. For these teams, it can often feel like an 80/20
split — but in the wrong direction.

Deployment of Redundant Security Tools Points to Lack of Strategic Oversight | 13

The state of the security team

Does your company use In general, why do your

overlapping security tools or company’s security solutions
multiple products that solve the overlap with one another?
same problem?

No Intentional
24% overlap 44%

Yes I don’t
68% know Accidental
8% overlap 56%
Figure 9. 68 per cent admit they have overlapping Figure 10. 56 per cent admit security solution
security solutions overlap is unintended

More than half of those with redundant
solutions admit they are accidental, bringing
overall security strategy into question. It was
likely this combination of known solution gaps
and unplanned overlaps that had security
pros rate the value of solution consolidation
so highly. The benefits of consolidation are
apparent: less maintenance, faster issue
detection, quicker issue identification, faster
issue resolution, lower technology costs, and
an improved security posture. Companies that
wish to reduce security risk need to start at the
top and supply security teams with the support
and tools they need.

14 | Deployment of redundant security tools points to lack of strategic oversight

 The state of the security team

Consolidated security solutions would make

life easier
Following the combination of known solution gaps and unplanned overlaps, security professionals
rated the value of solution consolidation highly. They cited benefits of less maintenance and faster issue
detection, identification, and resolution — with lower costs creating an improved security posture.

In your experience, what benefits would result from consolidating

security tools?
Please consider that consolidated solutions would be comparable with similar functionality to existing tools.

Less maintenance (fewer solutions to update, configure, etc.) 63%

Faster issue detection 54%
Quicker issue identification 53%
Faster issue resolution 49%
Lower costs (reduced licenses, equipment, etc.) 46%
Improved security posture 45%
Easily share security status and events with executives 38%
More time for other tasks 33%
Less stress 32%
There are no benefits to consolidating security tools 2%

Figure 11. Security tool consolidation provides numerous benefits

Consolidated security solutions would make life easier | 15

 The state of the security team

Conclusion
If you are leading a security team or part of a SOC, hearing that stress is
increasing in your space is likely no surprise. Your teams are understaffed
and underbudgeted. To keep up with the threats facing your organisation,
it is clear there needs to be a cultural shift — and it must start at the top. It is
no longer just the responsibility of a CISO or CSO. To ensure a company is
secure, the board and executive team must supply their security team with
the strategic guidance, a healthy budget, and the proper tools required to
effectively do their jobs.

16 | Chapter Title
 The state of the security team

Methodology
Security professionals at medium businesses
to large enterprises representing all seniority
levels were invited to participate in a survey
on their company’s security tools, work
environment, leadership, and current needs.
A total of 308 qualified participants completed
the survey. All participants were security
professionals or executives. Participants were
from all 5 continents.

The survey was administered electronically,

and participants were offered a token
compensation for their participation.

Individuals represented

Role Tenure in field of security

Front-line
Manager professional 6-10 years 11-20 years
45% 33% 35% 31%

longer than
Executive 2-5 years 20 years
22% 19% 12%
fewer than
2 years
3%

Methodology | 17
The state of the security team

Companies represented

Company size

1,000-5,000
42% More than 5,000
45%

500-1,000
13%

Location

United States or Canada 77%

Europe 14%
Mexico, Central America, or South America 4%
Middle East or Africa 2%
Australia or New Zealand 2%

Asia 1%

18 | Methodology
 The state of the security team

About LogRhythm
LogRhythm empowers more than 4,000 customers across the globe to
measurably mature their security operations program. LogRhythm’s award-
winning NextGen SIEM Platform delivers comprehensive security analytics; user
and entity behaviour analytics (UEBA); network detection and response (NDR);
and security orchestration, automation, and response (SOAR) within a single,
integrated platform for rapid detection, response, and neutralisation of threats.

Built by security professionals for security professionals, LogRhythm enables

security professionals at leading organisations like NASA, and XcelEnergy
to promote visibility for their cybersecurity program and reduce risk to their
organisation each and every day. LogRhythm is the only provider to earn the
Gartner Peer Insights’ Customer Choice for SIEM designation four years in a
row.

To learn more, please visit logrhythm.com.

About Dimensional Research

Dimensional Research® provides practical market research for technology
companies. We partner with our clients to deliver actionable information
that reduces risks, increases customer satisfaction, and grows the business.
Our researchers are experts in the applications, devices, and infrastructure
used by modern businesses and their customers. For more information, visit
www.dimensionalresearch.com.

About LogRhythm | 19
 +44 (0)1628 918 330 // europe@logrhythm.com
Regional HQ, Clarion House, Norreys Drive, Maidenhead, SL6 4FL, United Kingdom