Only about a fifth of cybersecurity leaders today are confident about their organization\u2019s cybersecurity approach, with only a half trusting the training they provide in-house, according to an EY study.\n\nThe study that surveyed 500 cybersecurity leaders worldwide found them to be struggling with their organization\u2019s defenses even as the number of cyberthreats and associated costs increased.\n\n\u201cAfter all the time and money spent on cybersecurity, CISOs still feel very unprepared against cyberthreats,\u201d Richard Watson, EY Global and Asia-Pacific cybersecurity consulting leader, said in a press release. \u201cThe levels of dissatisfaction are more worrying when seen in the context of increasing geopolitical instability, economic uncertainty, and the rapid adoption of emerging technologies that will push the number of incidents to even higher levels and see cyber adversaries continually evolve.\u201d\n\nThe study also revealed slower detection and response times by organizations amid growing attack sophistication.\n\nCosts escalate but response dwindles\n\nThe study observed a rise in the annual cybersecurity incidents as respondents reported an average of 44 incidents in 2022. This, in turn, inflates the spending in terms of security, response, and insurance costs.\n\nCISO respondents reported an average annual spend of $35 million on cybersecurity, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.\n\nThe response time, however, hasn\u2019t improved quite as well despite funds going into cybersecurity tools. \u201cDespite high levels of spending, detection and response times appear slow,\u201d the study highlighted. \u201cMore than three-quarters of respondents (76%) say their organizations take an average of six months or longer to detect and respond to an incident.\u201d\n\nThe biggest internal challenges to the organization\u2019s cybersecurity approach were reported to be \u201ctoo many potential attack surfaces\u201d at 52%, and \u201cdifficulty balancing security and innovation speed\u201d at 50%.\n\nThe study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organization\u2019s cybersecurity preparedness. While 60% of CISOs were confident about the C-suite integration of cybersecurity into key business decisions, only over half of other C-suite officers believed they were effective. There was also a huge gap (12%) between their satisfaction with the overall cybersecurity preparedness.\n\nStudy noted an emphasis on security through simplification\n\nFor better understanding and evaluation, the study was able to categorize the responding organizations into \u201csecure creators\u201d and \u201cprone enterprises.\u201d The grouping was done on the basis of the number of solutions used, the adoption of emerging technologies, and the use of technologies to simplify their automation environments.\n\nThe study found that secure creators are more satisfied with their approach to cybersecurity, experience fewer cybersecurity incidents, and can detect and respond to incidents quicker. About 70% of them are early adopters of emerging technologies.\n\nThe secure creators are also more focused on extracting the most value from specific advanced solutions, with 62% already using or in the late stages of implementing AI\/ML solutions, as compared to only 45% of the prone enterprises.\n\n\u201cWhen it comes to technology, the more clutter an organization has in its armory, the harder it is to pick up signals and get on top of issues quickly,\u201d Watson said. \u201cCISOs should focus not on bolting on new technologies but integrating existing ones better. Organizations are now inextricably and digitally linked to businesses in their supply chain.\u201d\n\nAdditionally, 52% of secure creators have adopted security, orchestration, automation, and response (SOAR) solutions while only 38% of prone enterprises did so. Secure creators also reported (45%) improved adaptability of their existing solutions as threats change, as they believe they use their tools to their best capacities. \n\nOrganizations experience very different outcomes partly as a result of their cybersecurity strategy, EY noted in the study. In line with these findings, EY has recommended simplifying the cybersecurity technology stack, using automation, incremental and well-designed training, and effective inter-tier communication.