Cybersecurity teams are wasting time, money, and effort dealing with tool sprawl and ‘multi-vendor ecosystems’

Cybersecurity practitioners are growing increasingly overwhelmed managing tools from multiple vendors, according to new research from Kaspersky.

A recent study from the security firm found nearly three-quarters (74%) of companies in the UK rely on “multi-vendor ecosystems” – a trend which is putting them at increased risk and burning out staff.

Indeed, over one-third (36%) of UK cyber workers said their security stacks are “overly complex and time-consuming” to maintain, which in turn is hampering their ability to respond to emerging threats.

Maintaining disparate tools has a knock-on effect across the cybersecurity segment at most businesses, the study noted. Compatibility issues were highlighted as a key challenge, for example, with 43% of respondents indicating they cannot keep a handle on security processes because of a lack of cross-platform integration.

This, the study warned, often leads to manual interventions and increases the chances of human error or blind spots, leaving the business open to breaches.

Similarly, 36% said they struggle with “inconsistent threat visibility” due to the growing array of tools and solutions. As data is collected from various vendors, Kaspersky noted this also creates blind spots and reduces “overall situational awareness”

Ilya Markelov, head of unified platform product line at Kaspersky, said enterprises often rely on multiple vendors “by default, rather than through deliberate strategic planning”.

“While diversification of security solutions can offer certain benefits, such as risk mitigation and coverage breadth, an unchecked increase in complexity often leads to significant resource drain and operational inefficiencies,” Markelov said.

“Moreover, this complexity can create critical blind spots, making it harder to maintain comprehensive threat visibility and respond effectively to emerging risks.”

Tool sprawl is still plaguing cybersecurity teams

The study from Kaspersky is the latest in a string of warnings over tool sprawl in recent years. It’s not just an issue restricted to cybersecurity teams, however, with workers in other professions, such as software development, contending with the problem.

Analysis from Red Canary in October 2024 showed tool sprawl was a key challenge facing software development teams. The study came just weeks after separate research from IDC which examined the mental strain placed on teams as a result of tool sprawl, known as ‘context switching’.

Context switching refers to the process of moving from one environment or solutions stack to another in an employee’s daily workflow. Over two-thirds (70%) of respondents told IDC that switching between different tools reduced their efficiency.

Speaking at the time, Katie Norton, research manager for DevSecOps and software supply chain security at IDC, said context switching not only wastes an employee’s time, but also inflates costs.

Costs were another key issue highlighted by Kaspersky in its recent report, with the security firm warning 36% of UK businesses experience “budget overruns” due to overlapping solutions.

“These redundancies not only inflate costs but also complicate resource allocation and strategic planning,” the company said.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

• Cybersecurity teams face unparalleled pressure, but they’re stepping up to the plate
• Cybersecurity teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health
• Despite the hype, cybersecurity teams are still taking a cautious approach to using AI tools