A new study has found that 80% of companies plan to increase spending on their cybersecurity posture management over the next 12-18 months.

binary cyber security

The findings come among results taken from the Security Hygiene and Posture Management Survey conducted by IT analyst, research validation and strategy firm, ESG.

Posture management remains one of the least mature areas of security, leading many teams to be overwhelmed by what needs to be done to improve.

With increased spending in this area, organisations will be aiming to develop the cyber-risk quantification tools at their disposal, expand cloud security posture management and security asset management.

Jon Oltsik, Senior Principal Analyst & ESG Fellow, said:

“Protecting company assets from attack is quickly becoming a top priority for the C-suite.”

The ESG study of just under 400 IT and security professionals found that three quarters of respondents surveyed are using manual processes like spreadsheets. Similarly, 70 percent have more than ten security tools to manage their security hygiene and posture. Using manual processes and an extensive number of tools leads organizations to feel overwhelmed.

Respondents said they face considerable challenges including:

  • Keeping up with the volume of open vulnerabilities
  • Automating the process of vulnerability discovery, prioritization, dispatch to owner and mitigation
  • Identifying all assets that need to be scanned.

As organisations mature their security posture, they often look to measure their progress through business metrics and outcomes.

Of those surveyed, 36 percent said one of the most important security hygiene and posture management metrics is cyber risk quantification: the ability to calculate cyber risk in monetary terms.

Money is a common language that allows everyone involved to make better decisions, from IT and security teams to leadership and the board of directors.

Balbix CEO, Gaurav Banga, said:

“To overcome the challenges outlined in the survey, it is imperative that companies take the first step to automate their security posture. Organizations need to integrate their tools and move away from manual processes to improve visibility and be able to quickly respond to new threats.”