Enterprises Take Up Arms Against Perilous Threats but Still Struggle with Unwieldy Security Tools

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • Enterprises are under constant threat with no signs of abatement. The Verizon 2025 Data Breach Investigations Report (DBIR) notes a 37% rise in ransomware versus 2024.
  • Cisco’s May 2025 State of Security Report found that 59% of the 2,058 security professionals surveyed spend excessive resources maintaining tools and affiliated workflows.

The nature of cybersecurity is dynamic, as the threat landscape is in constant flux, making the discipline a daunting one for security practitioners. Even well-resourced organizations struggle to manage risk effectively as bad actors apply a combination of advanced technology and sophisticated techniques to exploit enterprise vulnerabilities. Verizon’s 2025 Data Breach Investigations Report (DBIR), an examination of 22,052 security incidents, 12,195 of which were verified to be data breaches, found that in 20% of all breaches, vulnerability exploitation was the entryway. This makes it the second most common initial avenue for a breach, just behind credential abuse.

The distributed design of the digital enterprise, in combination with the interconnected nature of organizations with their suppliers and partners, can translate into more potential points of exposure. The DBIR reported that the percentage of breaches associated with a third party doubled, increasing to 30% from 15% in 2024.

There is a real element of frustration in the industry. While machine learning and analytics have come a long way toward expediting and improving the accuracy of threat identification, there is often a significant lag time in detecting a breach. This kicks the door open for additional attacks and puts enterprise assets at greater risk.

In Cisco’s 2025 State of Security report published this month, the surveyed security professionals flagged a number of issues as impeding their efficacy. Forty-nine percent observed that, despite progress in threat detection, they are still contending with alerting issues. The mélange that makes up so many security infrastructures can itself be a big part of the problem. Forty-six percent said they spend more time maintaining tools than shielding their enterprise from threats. Twenty-seven percent noted that managing multi-vendor environments populated with solutions that don’t communicate with each other is a barrier to effective security.

Staffing, or the lack thereof, remains a major impediment to effective security, with 49% flagging it as an issue. Skills limitations are also problematic. The State of Security respondents called out some of the areas where they currently have the biggest deficits: detection engineering, DevSecOps, and compliance management, which will be some of the most important for security operations centers (SOCs) in the future.

What, ideally, will this SOC of the future look like, and how will organizations get there? Increasingly, the discussion about the future of security operations centers on platformization, a consolidated approach to protecting enterprise assets from threats. Respondents who are adopting a unified security platform are already seeing benefits. Fifty-nine percent said the consolidated platform has led to accelerated threat identification. Fifty-three percent said they are spending less time in tool maintenance mode. Just under 50% said they are also seeing better threat coverage through a unified platform.

The move to a unified security platform obviously requires resources and careful planning. But it is clear from the current state of cybersecurity operations that something needs to be done. Enterprises are pressing vendors for a more streamlined architecture with better integration between and among disparate solutions. A platform could be the unifying element in this model.
