New XM Cyber Survey: How Organizations Secure Their Digital Frontiers

Posted by: Batya Steinherz
January 11, 2024

The digital world has become a battleground. In recent years, cyberattacks have continued to grow in frequency, scope, sophistication and impact. Despite monumental efforts to stop them, attackers keep finding new ways to get past defenses. Threats, as any security stakeholder knows, do not begin and end with CVEs: the threat landscape has grown far more complex.

Pressure from regulators and shareholders is pushing organizations to improve how they respond to incidents, how they share information and how they enhance transparency. Yet how exactly is this happening? How effective are organizations at remediating exposures beyond CVEs? What actually motivates organizations in their efforts to fortify security posture? And what challenges do organizations face while maturing their security posture under intense regulatory scrutiny and evolving cyber threats?

To answer these and many other questions, XM Cyber surveyed key decision-makers, such as CISOs, Directors, and Heads of Security, from 300 US- and UK-based organizations. The results are available for free here. In this post, we’ll give you a taste of what the full report offers.

To access the full report with all our insights and findings, download it now.


Findings Snapshot: Report Highlights

  • 87% of organizations recognize the necessity of proactive measures against cyberattacks and plan to increase commitment to vulnerability and exposure remediation in the next 12 months.
  • Organizations handle an average of 12 exposures per week, involving 62% of IT and security teams. However, this effort falls short, leading to a widening remediation gap.
  • A striking 82% of surveyed companies reported an increase in the gap between the number of vulnerabilities/exposures in their environment and their ability to remediate them.
  • Despite efforts, 68% of organizations struggle to effectively communicate their cybersecurity posture to leadership, emphasizing the urgency for better communication strategies.
  • 90% of respondents face challenges addressing exposures due to outdated legacy systems.


Drill Down 1 – The Vulnerability Gap

The survey uncovered a striking trend: the vast majority of companies (82%!) see a growing gap between the number of vulnerabilities in their systems and their capacity to fix them. 

This finding highlights the growing struggle in organizations to keep up with the rising volume of vulnerabilities. And it’s not just CVEs. Organizations face more complex issues like misconfigurations and weak credentials, which are tougher to quantify and compound the remediation challenge.

Interestingly, this statistic might actually reflect an underestimation of the true extent of the issue. The 82% figure might not account for those in the remaining 13% who either aren’t aware of the increasing gap or have managed to reduce it through substantial efforts.

This data underscores the immense difficulty organizations face in staying on top of vulnerabilities. As these issues continue to grow in complexity and volume, there’s a pressing need for more effective strategies to bridge this widening gap and mitigate potential risks to systems and data.

Drill Down 2 – The Communication Gap

The study found that 68% of companies think that effectively communicating the current state of their security posture is “highly valuable” to company leadership and the board.

This figure spotlights a notable challenge: despite significant investments in security, many companies struggle to convey progress to top management. This communication gap not only affects how security teams’ efforts are recognized, but also impacts turnover rates and budgets.

The communication gap poses broader issues, too. For one, it hinders organizations from justifying increased budgets needed for adequate risk mitigation. Without effectively communicating their status and progress, making a compelling case for additional resources becomes difficult.

Addressing this gap requires better communication strategies. It’s not just about meeting reporting requirements. It’s also about acknowledging and incentivizing security personnel. And it’s about fostering a positive cybersecurity culture within organizations.

The communication gap has ripple effects beyond reporting. It influences workforce stability, financial planning, and the overall perception of cybersecurity efforts within the organization. That’s why prioritizing communication is pivotal not just to convey progress but also to cultivate a supportive environment for cybersecurity.


The Bottom Line

The above is just a taste of the many critical challenges in cybersecurity strategies our survey highlights. In essence, it is a call to action for organizations to rethink their cybersecurity approaches – adopting new strategies that transcend conventional boundaries, fortifying legacy systems and cloud deployments, and facilitating more effective communication with leadership.

Want to learn more? The full report offers nuanced insights and strategies essential for organizations navigating this complex landscape. To access the full report with all our insights and findings, download it now.

