Font Size: A A A

Case Studies

Challenges for small cyber teams

Last year, in a survey of small security teams, an XDR platform spoke to 200 CISOs about the challenges of working in a small security team of five or fewer in places of between 500 and 10,000 employees.

Cynet saw that these teams had unique challenges, holding a critical role in the company, and yet often working with a lack of budget and skills. With the market shifting quickly, this year the company has revisited the survey. CISOs were asked to share their purchasing decisions, their budget constraints, and how they are facing industry challenges such as the skills gap, technology overlap, and tools that are built for and focused on larger enterprise security teams.

By comparing this year with 2021, apparent is a growing cultural shift in the way small security teams are handling their challenges. The technologies CISOs rely on have changed, from one year to the next, and the risk of overlapping security tools and a lack of visibility is more prominent than ever, according to the survey. Virtually all respondents admit to pain points in operating their security products and face barriers in maintaining their security posture. The findings point to more emphasis on consolidating technologies to gain greater visibility and control.

While in 2021, about half (52pc) of CISOs were relying on endpoint detection and response (EDR) tools, this year that number has leapt to 85pc. In contrast, in 2021, 45pc were using network detection and response (NDR) tools while this year just 6pc have NDR in place. EDR is also the number one tool for detecting threats, at 77pc with NDR almost non-existent at 3pc, despite being 46pc in 2021. Employers are seeing the value of EDR, as well as extended detection and response (XDR) tools which combine EDR with integrated network signals (up from 15pc usage to 30pc in 2022). In large part this is likely to be because of remote working norms, where employees are working outside of the company network, which is more difficult to secure.

Consolidating multiple security tools and technologies down to fewer, more robust and comprehensive tools is an essential task, and almost all CISOs have it on their roadmap, the survey suggests. As for tactics to cope with small cyber teams, rather than increasing the number of staff, organisations want to achieve more with what they have, by cutting down on unnecessary security tools.

Cynet suggests that medium-sized companies (below 10,000 employees) are increasingly defenceless against mounting cyberattacks. When even governments, such as Costa Rica’s, cannot protect themselves against increasingly sophisticated cyber criminal gangs, medium-sized firms are now on the point of being overwhelmed, according to Cynet.

Eyal Gruner, CEO and co-founder of Cynet said: “CISOs with small security teams struggle to purchase and maintain the comprehensive set of security solutions needed to protect their companies from increasingly sophisticated threats. The survey results once again show how these security experts continue to adapt their protection strategies in response to the ongoing wave of criminal and state sponsored cyberattacks.”

See also the company’s blog. There you can download the report.


The survey by Global Surveyz was of 200 CISOs from the United States, Canada and the UK, who work for commercial companies with 500 to 10,000 employees. Visit


Related News