New Study Reveals 81% of Enterprises Have an Inadequate Approach to Cyber Risk Management

The Managed Cyber Risk Reduction (MCRR) Opportunity Snapshot highlights the increasing need to implement a proactive approach to cyber risk management and reduction for business success.

PLANO, TX, January 17, 2024 – Today, Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions and pioneer of Managed Cyber Risk Reduction (MCRR), announced the results of a commissioned study conducted by Forrester Consulting on behalf of Critical Start, which found that 81% of surveyed security and risk leaders agree their organization’s cyber risk management approach is inadequate and 97% agree their organizations need to be more proactive in the way it manages cyber risk. The study highlights insights from security executives around the current state of cyber risk management in enterprise organizations and priority investments companies are making to improve security management.

“Amidst the challenges posed by the evolving threat landscape, coupled with the strains of staffing shortages and limited organizational security visibility, the effective management of cyber risk has become an increasingly formidable task,” stated Randy Watkins, CTO of Critical Start. “We believe Forrester’s research highlights the desire for organizations to be more proactive in the way they manage cyber risk. As demand for assistance in understanding, intelligently prioritizing, and addressing cyber risk grows, we anticipate a surge in collaborations with third-party experts like Critical Start to help.”

Effective Cyber Risk Management and Reduction Requires a Holistic Vision and Strategy

Security teams are looking for ways to improve visibility of their organizational cyber risk, including areas such as asset inventory, security controls, and incident response plans. Without a clear view of risks, 39% of leaders reported being unable to connect risk reduction metrics to key business strategies and investments.

Limited organizational visibility, in addition to the constant need to address cyber threats, typically results in cybersecurity teams struggling to become more proactive with their security programs.

With 92% of respondents agreeing their organization needs a more comprehensive cyber risk approach, organizations should consider investing in offerings that combine platform and services. Platforms that provide risk assessment, controls monitoring risk prioritization capabilities paired with services to for a complete and managed way to proactively mitigate risk and improve organization visibility.

Reactive Cyber Risk Approaches are Burdening Security Teams

Seventy-seven percent of security and risk leaders are concerned security staff spend too much time responding to security incidents versus working on other important tasks. A more proactive cyber risk reduction approach also helps address risks before they become incidents, ideally allowing staff to focus on other security areas.

Third-Party Providers are for a Valuable Risk Reduction Resource

As security and risk leaders look to advance their cyber risk management capabilities, many will seek out partners to bring valuable technology, expertise, and staffing resources to help them better execute holistic risk reduction strategies.

Experienced third parties that bring the right skills and technology to offer Managed Cyber Risk Reduction and can offer customers the greatest risk reduction per dollar invested. Nearly 40% of leaders value partners for helping them stay aware of emerging threats and risks. Additionally, 51% of leaders surveyed intend to use third parties to support security training for their teams, and 45% will use third parties to increase security staffing to bring necessary expertise to the company.

For more study findings and recommendations on how security leaders can improve managing their cyber risk reduction strategies, download the full study here and join Critical Start’s webinar on February 7, 2024.


This Opportunity Snapshot was commissioned by Critical Start. To create this snapshot, Forrester Consulting supplemented this research with custom survey questions asked of 231 security and risk leaders responsible for cyber risk strategy at North American enterprises. The custom survey was completed in December 2023.

About Critical Start

Organizations today face the challenge of aligning their cyber protection measures with their risk appetite. CRITICALSTART®, a pioneer of the industry’s first Managed Cyber Risk Reduction solutions, provides holistic cyber risk monitoring via its Cyber Operations Risk & Response™ platform, paired with a human-led risk and security operations team, combined with over 8 years of award-winning Managed Detection and Response (MDR) services. By continuously monitoring and mitigating cyber risks, Critical Start enables businesses to proactively protect their critical assets with a measurable ROI. The company’s platform provides maturity assessments, peer benchmarking, posture and event analytics, and response capabilities. Its risk and security operations team evaluates and actions threats, risks, vulnerabilities, and performs comprehensive threat intelligence research. Critical Start enables organizations to achieve the highest level of cyber risk reduction for every dollar invested, allowing them to confidently reach their desired levels of risk tolerance.

Follow Critical Start on LinkedIn, X, Facebook, Instagram.

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.
Benchmark your cybersecurity against peers with our Free Quick Start Risk Assessments tool!
This is default text for notification bar