Training and turnover make it difficult to keep experienced security staff.

James Anderson, Senior News Editor

July 21, 2017

3 Min Read
Data Center people

A new security study concludes that businesses are understaffed and ill-prepared to evaluate and manage cyber risks.

Demisto has unveiled its “The State of Incident Response 2017,” which shows how incident response teams investigate potential cyberattacks.


Demisto’s Rishi Barghava

The results of the 200-plus respondents are not particularly encouraging. IT departments face a high volume of incidents – 350 per week on average – but 40 percent of organizations say they are not able to measure incident response. Even Verizon notably was slow in responding to a potential data breach last month.

One of the underlying factors for the lack of preparedness is staffing. Approximately four in 10 (40 percent) respondents say they have more incidents than their staff can handle. The vast majority of respondents (90 percent) say they struggle to find skilled security staff. More over, it takes an average of nine months to properly train new hires. All of that combines with a significant turnover; one-third of security staff leaves within three years.

“One goal for this unique study was to gain better insights into how to address future threats by determining today’s major pain points for organizations,” said Rishi Bhargava, Demisto vice president of marketing  “Incident response must continue to evolve to meet current and emerging threats. The key to effective incident response is having the right combination of people, technology and processes. However, this study revealed that many organizations are far from having this right combination.”

About half (54 percent) of the respondents say their two main priorities are security operations and incident response. Demisto says security teams need solutions that combine incident management, security orchestration and “collaborative investigation.”


SDN & Security: The time is now to discover the service opportunity in managing the security requirements of virtualized networks. Find out how!

“To ensure that the time of experienced and skilled analysts is effectively utilized and that their knowledge and experience don’t walk out the door with them, organizations need the ability to perform collaborative, interactive investigations to scale the incident-response function effectively within a security operations center,” the report said.

The study found that most companies do incident response in-house; 41 percent is fully in-house, while 42 percent is in-house with the help of consultants. Only one in 100 (1 percent) companies fully outsourced their security operations, while 15 percent partially outsourced.

“Outsourcing can be a viable option for many companies. Vendors specializing in cybersecurity recruit trained analysts with top-notch skills,” the report said. “They can often deliver results faster than in-house analysts and are typically more up-to-date on threats lurking in cyberspace. However, an organization may not be able to have ’round-the-clock access to analyses or data, and self-service functions may be limited.”

You can access the report on Demisto’s website. Demisto provides security automation and launched a channel program last month.

Read more about:


About the Author(s)

James Anderson

Senior News Editor, Channel Futures

James Anderson is a news editor for Channel Futures. He interned with Informa while working toward his degree in journalism from Arizona State University, then joined the company after graduating. He writes about SD-WAN, telecom and cablecos, technology services distributors and carriers. He has served as a moderator for multiple panels at Channel Partners events.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like