Despite massive security spending, 44% of CISOs fail to detect breaches

Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon.

Blind spots undermine breach detection

CISOs identified blind spots as a key issue, with 70% of CISOs stating their existing security tools are not as effective as they could be when it comes to detecting breaches due to limited visibility.

Modern cybersecurity is about differentiating between acceptable and unacceptable risk,” says Chaim Mazal, CSO at Gigamon. “Our research shows where CISOs are drawing that line, highlighting the critical importance of visibility into all data-in-motion to secure complex hybrid cloud infrastructure against today’s emerging threats. It’s clear current approaches aren’t keeping pace, which is why CISOs must reevaluate tool stacks and reprioritize investments and resources to more confidently secure their infrastructure.”

Blind spots across hybrid cloud infrastructure are a top concern for 8 out of 10 CISOs, with 81% agreeing that cloud security is dependent upon gaining complete visibility into all data-in-motion. This includes visibility into lateral (East West) traffic and encrypted traffic, where 93% of malware hides today, creating a perfect opportunity for cybercriminals to breach a network. As a result, gaining visibility into encrypted traffic was listed as a priority for 84% of CISOs.

Overinvestment in new security tools has led security teams to struggle with sprawling tool stacks. Coupled with the growing costs associated with data storage and management, CISOs are under immense pressure to optimize their existing security investments. 76% of CISOs report being overwhelmed by the increasing volume of threats detected from a growing number of tools on an increasing number of assets. As a result, 6 in 10 CISOs listed tool consolidation and optimization as their number one priority for remediating blind spots.

AI raises concerns among CISOs

CISOs are increasingly concerned about the potential for AI to fuel the growth of global ransomware threats, with 83% expecting a significant impact in the coming year. While deepfakes have garnered much attention, the more pressing threat is the volume and quality of cyberattacks that AI can enable. AI is empowering novice attackers with advanced capabilities and accelerating the discovery of exploitation techniques, underscoring the need for greater, more comprehensive visibility. 46% of CISOs will use security automation and implement AI to remediate visibility gaps.

As CISOs evaluate increasingly complex hybrid cloud environments, greater visibility is the common goal, with 82% agreeing that deep observability – the ability to deliver network-derived intelligence and analysis to cloud, security, and observability tools – is a foundational element of cloud security.

Deep observability goes beyond traditional monitoring, providing real-time insights into all network traffic based on network telemetry, including encrypted data and lateral traffic. This comprehensive view is crucial for identifying and mitigating cyber threats in real-time, which is why 85% of CISOs agree that having access to packet-level data and rich application metadata can unlock deeper insights, strengthening security posture.

The importance of this comprehensive visibility is also reaching the boardroom, with 81% of CISOs reporting that their boards are discussing deep observability as a priority to better secure and manage hybrid cloud infrastructure, reinforcing its importance for 2025 budget planning.

“Today’s CISOs recognize that security and observability are intrinsically connected,” said Stephen Elliott, group vice president, IT Operations, Observability, and CloudOps at IDC. “The network provides a crucial layer of context that can inform security operations and vice versa, which is why modern security teams are leveraging network-derived intelligence and insights to understand the true impact of a threat and prioritize their responses accordingly.”