CISOs have voiced concerns about a possible gap between the tools they need to protect their enterprise vs. the tools they actually have in place.
A 2020 survey of 300-plus security professionals from security software maker LogRhythm found that 93% said they lack the needed tools to detect known threats and 92% said they lacked the appropriate preventative solutions to close gaps in security.
A 2019 report from AttackIQ and the Ponemon Institute uncovered similar concerns about enterprise security tools: 53% of the 577 IT and IT security professionals surveyed said they don’t know how well their security tools are working and more than half said they’re not getting full value from their security investments.
Those statistics don’t tell the full story, however, according to several security experts. They agree that some CISOs may indeed lack enough tools to adequately secure their organizations, but they stress that the real issue isn’t about having too few technologies to do the job. Rather, they say that such surveys are actually indicative of a larger, more complex problem where CISOs face a security gap due to having the wrong set of tools for their own organization’s risk profile and its risk appetite.
