Security Outcomes Study, Vol. 2

The original Security Outcomes Study identified 25 best practices, but five stood out as the “Fab Five” drivers of success across every measured outcome. Volume 2 digs deeper into “why” these practices work and “how” organizations should implement them to maximize their effectiveness. Based on a double-blind survey of over 5,100 professionals, this research extractsalient strategies for updating architecture, detecting threats, and staying resilient.

The findings place a premium on integration and modernization. Modern, well-integrated IT contributes to overall program success more than any other security practice or control. Organizations that source from a preferred vendor are twice as likely to achieve an integrated tech stack compared to those with a hands-off approach. This report rewards the click by proving that these architectural choices aren’t just about convenience—they are seven times more likely to enable the mature automation teams need to scale.

Operational success also depends on a strategic blend of human expertise and automation. Teams that extensively use threat intelligence are twice as likely to report strong detection and response capabilities. The report also provides a compelling case for the “chaos monkey,” showing that organizations that make chaos engineering a standard practice are twice as likely to achieve high levels of resiliency.

Key Findings

• The “Outdated” Tax: On average, 39% of security technologies used by organizations are considered outdated, severely limiting defense capabilities.
• Integration as an Automation Engine: Well-integrated security technologies are seven times more likely to achieve high levels of process automation than fragmented ones.
• Internal Team Response Speed: Internal SecOps teams contain incidents in roughly half the time (6 days) of mostly outsourced teams (13 days).
• The “Fab Five” Core: Proactive tech refresh, well-integrated tech, timely IR, accurate detection, and prompt recovery are the five keys to overall success.
• SecOps Performance Boost: SecOps programs built on strong people, processes, and technology see a 3.5X performance increase over those with weak resources.
• Resiliency Through Testing: Organizations that regularly test disaster recovery in five different ways are 2.5 times more likely to maintain business continuity.