Cybersecurity practitioners are growing increasingly overwhelmed managing tools from multiple vendors, according to new research from Kaspersky.
A recent study from the security firm found nearly three-quarters (74%) of companies in the UK rely on “multi-vendor ecosystems” – a trend which is putting them at increased risk and burning out staff.
Indeed, over one-third (36%) of UK cyber workers said their security stacks are “overly complex and time-consuming” to maintain, which in turn is hampering their ability to respond to emerging threats.
Maintaining disparate tools has a knock-on effect across the cybersecurity segment at most businesses, the study noted. Compatibility issues were highlighted as a key challenge, for example, with 43% of respondents indicating they cannot keep a handle on security processes because of a lack of cross-platform integration.
This, the study warned, often leads to manual interventions and increases the chances of human error or blind spots, leaving the business open to breaches.
Similarly, 36% said they struggle with “inconsistent threat visibility” due to the growing array of tools and solutions. As data is collected from various vendors, Kaspersky noted this also creates blind spots and reduces “overall situational awareness”
Ilya Markelov, head of unified platform product line at Kaspersky, said enterprises often rely on multiple vendors “by default, rather than through deliberate strategic planning”.
“While diversification of security solutions can offer certain benefits, such as risk mitigation and coverage breadth, an unchecked increase in complexity often leads to significant resource drain and operational inefficiencies,” Markelov said.
“Moreover, this complexity can create critical blind spots, making it harder to maintain comprehensive threat visibility and respond effectively to emerging risks.”
Tool sprawl is still plaguing cybersecurity teams
The study from Kaspersky is the latest in a string of warnings over tool sprawl in recent years. It’s not just an issue restricted to cybersecurity teams, however, with workers in other professions, such as software development, contending with the problem.
Analysis from Red Canary in October 2024 showed tool sprawl was a key challenge facing software development teams. The study came just weeks after separate research from IDC which examined the mental strain placed on teams as a result of tool sprawl, known as ‘context switching’.
Context switching refers to the process of moving from one environment or solutions stack to another in an employee’s daily workflow. Over two-thirds (70%) of respondents told IDC that switching between different tools reduced their efficiency.
Speaking at the time, Katie Norton, research manager for DevSecOps and software supply chain security at IDC, said context switching not only wastes an employee’s time, but also inflates costs.
Costs were another key issue highlighted by Kaspersky in its recent report, with the security firm warning 36% of UK businesses experience “budget overruns” due to overlapping solutions.
“These redundancies not only inflate costs but also complicate resource allocation and strategic planning,” the company said.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
The top ransomware trends in 2025In-depth A splintering of top groups and changing attitudes toward payments are changing attacker tactics at speed
-
Should workers prepare to become AI agent bosses?In-depth Tech leaders claim employees could soon be managing AI agents – but this will require a huge culture shift, security awareness and governance
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
BreachForums founder resentenced to three years in prisonNews A US appeals court vacated his previous sentence and remanded the case for resentencing
-
Jaguar Land Rover says IT disruption set to continueNews The automotive manufacturer is still not fully operational after the recent cyber attack
-
Nearly 700,000 customers impacted after insider attack at US fintech firmNews FinWise, which provides loans on behalf of US financial services firms, revealed a former employee accessed sensitive customer information after leaving the firm.
-
How to check if you’ve been affected by Salesforce attacks – and stop hackers dead in their tracksNews The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
-
Mobile app security is a huge blind spot for developer teams – 93% are confident their applications are secure, but 62% reported breaches last yearNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
