Cybersecurity incidents cost organizations an average of £2.7 million over the past year, with budgets failing to keep pace with increasing threats and skills shortages.
Red Canary's new Security Operations Trends Report found 80% of security leaders are spending more than ever on security – but that breaches and threats keep growing.
The attack surface has widened by 41% in the past 12 months, while 73% of security leaders say the time from detecting an attack to resolution has increased.
Meanwhile, organizations are hampered by a lack of skills, with 75% saying they have skills shortages around intrusion detection and 72% around incident response.
Security operations center (SOC) teams are struggling with the challenges of securing cloud environments, identities, and AI technologies amid evolving threats, amplifying the risk and business impact of cyber attacks.
And the cost is high, with security leaders estimating that, on average, cyber incidents cost their organization $3.7 million over the last year. Nearly half (46%) said they had suffered from an outage or disruption to their services as a consequence of attacks.
As a result, Red Canary said enterprises are turning to AI, with the top use cases in security operations today being detection analytics at 65%, intrusion detection at 59%, and SIEM management at 54%.
However, 75% of security leaders said they worry that while AI helps security teams work faster, it could ultimately reduce their ability to solve problems independently.
"CISOs, like their peers in lines of business, know they need to augment their teams with AI and automation, but finding security products and services that deliver actual value is hard amidst all the hype and empty marketing,” said Brian Beyer, co-founder of Red Canary.
“They need to go all in on expert-supervised AI agents that support security analysts in threat detection, investigation, and response, with the focus on proven solutions powered by LLMs trained on real-world data to deliver unmatched speed and accuracy – not just the latest shiny tool or a legacy vendor repackaging itself as AI.”
Security leaders see AI as a necessity – in fact, 85% say the real risk is being overwhelmed by the thousand missed threats that will get through if they don't automate more.
“AI is already transforming how security teams operate. SOC teams are under immense pressure, and AI is giving security analysts the ability to cut through noise and respond to threats faster," said Beyer.
"AI works best as a force multiplier, augmenting human judgment rather than replacing it. The organizations that lean into this shift now will not only ease the strain on security analysts but put themselves in the best position to anticipate emerging threats and stay ahead of disruption in an increasingly unpredictable environment.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Hounslow Council partners with Amazon Web Services (AWS) to build resilience and transition away from legacy techSpomsored One of the most diverse and fastest-growing boroughs in London has completed a massive cloud migration project. Supported by AWS, it was able to work through any challenges
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
