Companies increase investment in offensive security; the most well-protected companies reveal the perfect investment balance for offensive and defensive security measures
SAN FRANCISCO, Feb. 14, 2024 /PRNewswire-PRWeb/ -- Cobalt, the pioneers of Pentest as a Service (PtaaS), empowering businesses to operate fearlessly and innovate securely, has today announced the release of the inaugural OffSec Shift Report. The report highlights the evolving state of cybersecurity risks and uncovers a huge trend towards blended offensive/defensive approaches, and the improved protection being realized by those at the forefront of this shift.
After surveying more than 1,200 security professionals employed across DevOps, SecOps, IT Security, Network Security, Cloud Security, or InfoSec roles in the U.S. and U.K., Cobalt found:
- Increases in defensive (blue team) measures helping, but not enough: While 47% report they increased their defensive cybersecurity spend, 41% reported not feeling confident in their company's current defensive cybersecurity measures, a statement that those who decreased their security budget in the last 12 months were 81% more likely than average to make. Indicating an important shift, 74% agree that defensive measures are not enough and that their company's cybersecurity would be stronger if more budget were allocated towards offensive measures.
- The OffSec (red team) shift is underway: 84% expect to increase the budget for red team operations in 2024, with an average increase of 33%. This comes off an already impressive growth for offensive security, where 63% say their team conducted more red team exercises in 2023 than they did in 2022.
- The impact of increased offensive security testing is being seen: 75% say their company conducts more regular penetration testing annually now than they did last year. Of those, 82% agree that increased penetration testing decreased successful breaches by over 50% in the past 12 months. And 86% say that increased penetration testing significantly sped up their team's incident response.
- With breaches more costly, organizations work to find the perfect shade of purple: 75% report that the financial impact of data breaches has increased, with each costing companies an average of $1.65M. This reality has organizations searching for the right shade of purple. Of those who invested in purple team operations in 2023, 93% say that the integration of their red and blue teams enhanced their company's cybersecurity capabilities. And they believe the ideal split looks like a 54% defensive and 46% offensive operational split.
"This report shows the importance of the OffSec shift. This isn't a passing trend. It's the necessary reaction to our evolving threat landscape and market conditions that require real value for each dollar spent on security control. Every organization needs to consider how it brings offensive measures to the forefront of their cybersecurity strategies," said Caroline Wong, Chief Strategy Officer at Cobalt. "As the attack surface at each organization continues to evolve at an unprecedented pace, investing in comprehensive security solutions is paramount to safeguarding digital assets and ensuring the resilience of businesses against ever-changing risks."
In today's evolving threat landscape, it is more important than ever for businesses to develop mature offensive cybersecurity measures in addition to their existing defensive controls. This combined effort allows businesses to proactively identify and mitigate potential vulnerabilities before they are exploited by attackers while ensuring protection against existing threats to safeguard sensitive data and maintain operational continuity.
The OffSec Shift Report is the first report of its kind. To view the full report and learn more about what it uncovered, visit https://resource.cobalt.io/offsec-shift.
About Cobalt
Cobalt infuses manual security testing with speed, simplicity, and transparency. Our award-winning Pentest as a Service (PtaaS) model empowers organizations to keep pace with their evolving attack surface and agile software development lifecycles. Thousands of customers and hundreds of partners rely on Cobalt's modern SaaS platform and exclusive community of more than 400 trusted security experts to secure applications, networks, and devices. We deliver security testing that supports business drivers, maximizes internal resources, and creates stronger security programs so that organizations can operate fearlessly and innovate securely.