What’s more, 95% of information security decision-makers reported that they do not feel that senior management trusts their security teams to keep their organizations protected.

The report is based on a survey of 1,000 senior IT security decision-makers at firms with $50 million to $10 billion in sales. The respondents all had some cybersecurity involvement within their organizations and hailed from the U.S., the UK, Ireland, Spain, Italy, Singapore, Hong Kong, Japan and Brazil. Independent market research specialist Vanson Bourne conducted the survey in the first quarter of 2023.

According to Kroll, the survey also shows “misplaced” trust. While 66% of IT security decision-makers said they felt employees were trusted to stop a cyberattack, that’s more than the 63% who said the same of the security team’s ability to stop threats. Also seen as less trusted were the accuracy of data alerts (59%), the effectiveness of cybersecurity tools and technologies (56%) and the accuracy of threat intelligence data (56%).

The report also finds that only 37% of IT security decision-makers “completely” trust that their organization can successfully defend against all cyberattacks. As Fintech Global reports, this was a “surprising reveal.”

According to Kroll, the more cybersecurity platforms an organization deployed, the more cybersecurity incidents the organization experienced. Organizations in the survey averaged eight cybersecurity platforms installed.

Just 24% of respondents reported having a managed detection and response (MDR) or managed security service provider (MSSP) solution, per the report. (Kroll offers MDR and MSSR services.)

Pierson Clair, managing director of cyber risk at Kroll, said in a press release that “there is a frequent overestimation in the capabilities of security tools without continued managed response.”