Professional Documents
Culture Documents
Executive summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Key findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
The stress level of the security team increases when executive support is lacking . . . . . . . . . . . 6
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About LogRhythm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Welcome letter
When you look at the state of the security how a business does prioritise security by where
industry, there is a constant barrage of bad news. the CSO is positioned within the company — if
Nonstop breaches, more data records stolen the company has one at all. Security should be
than ever and continuously evolving threats and a business led, executive led, well-understood,
attack surfaces. And as the profession struggles and valued program. But many times, security
with a shortage of properly trained workers, teams are just trying to do the best they can
the demand of work on skilled professionals or what they feel is the right thing, without the
continues to increase. Cybersecurity pros company leadership behind them.
cannot catch a break. Some recent studies
In addition, security teams want their peers to
are beginning to tell the story of how stressed
understand how important security is in order
security teams actually are — and how that stress
to safeguard the company’s critical assets,
is impacting their mental health.
ultimately contributing back to the core business
The stress level of cybersecurity professionals in doing so. All employees, from the CEO to
is not surprising, and those stressors are not the frontline IT worker, need to feel they play a
going away anytime soon. What is surprising is significant role in maintaining the security of the
no one is looking at how to alleviate that stress, company for which they work and, at the end of
troubleshooting the day-to-day challenges they the day, the board and the executive team need
deal with (often in overlapping tools that don’t talk to relay that message from the top.
to one another) and how company leaders can
Working in security can feel like you’re sitting on
better support them with proper tools, processes,
top of a powder keg that could explode at any
and strategic guidance.
time. If a team lacks executive support, strategy,
Now, more than ever, security teams are being leadership, or resources, it can feel like there
expected to do more with less. Most of the is no way to truly make an impact — and that
workforce is still remote, broadening the attack stress can eat away at a team, leading to burnout,
surface and making security at scale a critical depression, and worse. We hope the information
concern. As a result, we feel this research could this report provides helps to open a conversation
not have come at a better time. to strengthen the support of security teams, from
the board, to the executive team, and the entire
The results were surprising in that the challenges organisation.
security professionals find most problematic are
not incredibly complex. Security teams want to Sincerely,
feel that the executives in the corner offices have
their backs and understand the value of security
to the business. In fact, many times you can tell James Carder
CSO and VP of LogRhythm Labs
Welcome letter | 3
The state of the security team
Executive summary
Amid a slew of statistics on how job stress is impacting security
professionals, we sought to learn the causes of the tension and anxiety — as
well understand potential ways teams might alleviate and remediate the
potential of job burnout. Our global survey of security professionals and
executives further investigated the tools those security professionals use to
understand solution capabilities, deployment strategies, technology gaps,
and the value of tool consolidation. In this report, we explore some of the
key findings from our survey.
4 | Chapter Title
The state of the security team
Key findings
Security teams’ stress increases due to poor executive leadership.
75% 57%
state they have more state their security
work stress now than program lacks proper
just two years ago. executive support.
Security teams lack the tools they Security tools with gaps and
need for known gaps and threats. overlaps indicate there is a strong
value in technology consolidation.
92 per cent state they need preventative
solutions to close current security gaps.
68 per cent acknowledge they have
overlapping security solutions.
Only 32 per cent of security teams have a So while security teams are feeling the burden
single place to visualise real-time threats. of protecting the organisation without the
executive support they need and the ample time
to do their jobs well, they are also managing
disparate, overlapping tools — a huge time
suck — that could prevent them from doing their
jobs more effectively.
Security tool consolidation Next, we will dig into the survey responses
provides many benefits. to gain a better understanding of the issues
causing increased stress on security teams.
Key findings | 5
The state of the security team
Those in the security space have been seeing team members. But what may come as a
more and more reports of the heightened surprise are the two primary causes for this
stress on the security operations centre (SOC) increase:
and the analysts and managers who run it. 1) lack of time, and
It is no surprise that a whopping 75 per cent 2) executive interactions.
of security professionals say they have more
work stress now than they did just two years When asked whether their security program
ago. There are many reasons that might factor has enough executive support — specifically, do
into this rapid increase of pressure on the you have enough budget, does the executive
SOC team — including evolving threats, digital team provide a strategic vision for security,
transformation, rapidly increasing data and and do you feel as though you have the buy-in
changing environments, inadequate security you need for your program — more than half
solutions, and under-trained and under-skilled the respondents said they do not feel like the
support is significant.
The state of the security team
Yes
43%
No
57%
Figure 1. 57 Per cent state their security program lacks proper executive support
Which of the following has had you consider leaving your job?
Figure 2. Lack of executive accountability leads reasons security pros want to quit
The explicit finding that executives are part what would help alleviate their stress,
of the problem grows as more than half of executive support was in the top five, with the
security professionals state their security remaining four items directly controlled by
program suffers for a lack of executive support. executives, such as a cooperative environment
In fact, executive accountability, or lack thereof, and properly skilled and staffed security teams
is the primary reason security professionals with the needed budget.
want to leave their current job. When asked
The stress level of the security team increases when executive support is lacking | 7
The state of the security team
Increased security
budget (both to
fund security tools/ More experienced
team members
solutions and
headcount growth) 1 2
5 3
4
Help from other
Support from the
departments to comply
executive team
with security mandates
When asked what would help alleviate their security team. These points lead back to why
stress, increasing the security budget was the executive support is so critical to a security
most commonly selected answer. When later program. Without it — and the budgetary
asked what this budget would go towards, support that goes with it — the team is unable
58 per cent of respondents said they needed to keep up with the burden of securing the
increased funding for tools, and 47 per cent organisation’s data.
of respondents said they need to grow the
In your opinion, what additional support does your security program require?
Executive buy-in 34 %
Figure 3. Security teams need better tools and cooperation from other departments
The factors “A need for more experienced a clear understanding of what is important
team members” — harkening back to the to the business, especially if budgets remain
shortage of experienced and skilled security separate.
professionals — and “better cooperation from
A supportive executive team was selected by
other IT teams” tied for the second most
41 per cent of respondents, and a fully staffed
commonly selected way to reduce stress.
security team was selected by 39 per cent with
Security is often a change agent for IT teams,
the majority of respondents indicating they are
and at times, IT can be resistant to change,
currently trying to fill three or more security
resulting in friction. Forty-nine per cent of
roles (Figure 4). This points to a further need
respondents further indicated they need help
for enterprise security leaders to make their
getting other departments to comply with
teams feel supported in order to keep their
security requirements (Figure 3). Ultimately, it’s
current talent.
critical for security teams to develop a strong
partnership and alignment with IT teams with
Figure 4. Better executive leadership would reduce stress with an improved work environment and budget
Places two and five in the shortlist (the need of unfilled cybersecurity positions will grow
for more experienced team members and to a staggering 3.5 million by 20211. While
a fully staffed team, respectively) point to budgetary support is important, being able
another commonly known issue in the security to offer competitive pay and a lower-stress
space — finding and retaining talented team workplace will be important for retaining the
members. According to recent research talent a team does hire.
from Varonis, it’s estimated that the number
25% 26%
16% 15%
12%
6%
Figure 5. Nearly half of companies are trying to hire three or more security professionals
1
https://www.varonis.com/blog/cybersecurity-skills-shortage/
Figure 6. Ninety-two per cent state they need preventative solutions to close current security gaps
Figure 7. Ninety-three per cent admit they lack the tools they need to detect known security threats
Deployment of redundant
security tools points to lack
of strategic oversight
And while the overwhelming majority said that the technology in their
SOC is lacking, most respondents also shared they have overlapping
security solutions deployed. When security analysts manage security
operations via overlapping tools, they are wasting valuable time in their
day updating, patching, maintaining, and operating more solutions than are
necessary (not having enough time in the day being the number one pain
point for this group). This can lead to teams spending more time administering
the tools instead of using them for their intended purpose of detecting
and responding to threats. For these teams, it can often feel like an 80/20
split — but in the wrong direction.
No Intentional
24% overlap 44%
Yes I don’t
68% know Accidental
8% overlap 56%
Figure 9. 68 per cent admit they have overlapping Figure 10. 56 per cent admit security solution
security solutions overlap is unintended
More than half of those with redundant apparent: less maintenance, faster issue
solutions admit they are accidental, bringing detection, quicker issue identification, faster
overall security strategy into question. It was issue resolution, lower technology costs, and
likely this combination of known solution gaps an improved security posture. Companies that
and unplanned overlaps that had security wish to reduce security risk need to start at the
pros rate the value of solution consolidation top and supply security teams with the support
so highly. The benefits of consolidation are and tools they need.
Conclusion
If you are leading a security team or part of a SOC, hearing that stress is
increasing in your space is likely no surprise. Your teams are understaffed
and underbudgeted. To keep up with the threats facing your organisation,
it is clear there needs to be a cultural shift — and it must start at the top. It is
no longer just the responsibility of a CISO or CSO. To ensure a company is
secure, the board and executive team must supply their security team with
the strategic guidance, a healthy budget, and the proper tools required to
effectively do their jobs.
16 | Chapter Title
The state of the security team
Methodology
Security professionals at medium businesses A total of 308 qualified participants completed
to large enterprises representing all seniority the survey. All participants were security
levels were invited to participate in a survey professionals or executives. Participants were
on their company’s security tools, work from all 5 continents.
environment, leadership, and current needs.
Individuals represented
longer than
Executive 2-5 years 20 years
22% 19% 12%
fewer than
2 years
3%
Methodology | 17
The state of the security team
Companies represented
Company size
1,000-5,000
42% More than 5,000
45%
500-1,000
13%
Location
Asia 1%
18 | Methodology
The state of the security team
About LogRhythm
LogRhythm empowers more than 4,000 customers across the globe to
measurably mature their security operations program. LogRhythm’s award-
winning NextGen SIEM Platform delivers comprehensive security analytics; user
and entity behaviour analytics (UEBA); network detection and response (NDR);
and security orchestration, automation, and response (SOAR) within a single,
integrated platform for rapid detection, response, and neutralisation of threats.
About LogRhythm | 19
+44 (0)1628 918 330 // europe@logrhythm.com
Regional HQ, Clarion House, Norreys Drive, Maidenhead, SL6 4FL, United Kingdom