A recent IDC survey of 600 senior security professionals in the U.S. and Europe, sponsored by Splunk, found that respondents experience an average of 40 actionable cyber incidents a week.
Just 27 percent say they're coping comfortably with that workload, with 33 percent describing themselves as "struggling" or "constantly firefighting."
What's more, less than half of respondents said they gather enough information about these incidents to take appropriate or decisive action.
Fifty-three percent said their biggest impediment to improving security is that resources are too busy on routine operations.
Tying Up Skilled Staff
"The amount of time companies are spending on analyzing and assessing incidents is a huge problem," IDC associate vice president Duncan Brown said in a statement. "The highest-paid, most skilled staff are being tied up, impacting the cost and efficiency of security operations."
"This is exacerbated when considered alongside the security skills shortage, which has most impact in high-value areas like incident investigation and response," Brown added. "Organizations must ensure that they are using their data effectively to gain key insights quickly to determine cause and minimize impact."
Sixty-two percent of companies are attacked at least weekly. Thirty percent are attacked daily, and 10 percent are hit hourly or continuously. Forty-five percent said they're experiencing a notable rise in the number of security threats.
When asked what drives them to report a security incident to the board, the leading triggers listed were a sensitive data breach (66 percent), compromised customer data (57 percent), and a mandated notification to a regulator (52 percent).
Just 35 percent of companies have breach reporting to the board built into their defined incident response processes.
Personal Computer Issues
A separate FireMon survey of more than 350 IT security professionals found that 83 percent of respondents said colleagues in other departments turn to them to fix their personal computer problems, and 80 percent of those said those efforts take up more than an hour of their working week.
At average industry salary rates, FireMon suggests, that's over $88,000 per year spent on non-security related tasks. And for the 8 percent of respondents who spend five hours a week or more on colleagues' personal computer problems, that number would rise to around $443,300 per year.
"Not only are modern IT security professionals faced with a growing complexity and skills gap and keeping up with technology investments and advancements, but they are also expected by colleagues to help them sort out their personal computing woes," FireMon CMO Michael Callahan said in a statement.
"IT personnel are usually the helpful, go-to people for sorting out issues, but it's only when you start to cost it out that you realize how much money it equates to," Callahan added. "This is on top of a very demanding job where they often juggle many different workstreams and projects, oftentimes relying on strictly manual processes and workflows."