Many organisations are still using a reactive, defensive posture to address cyber security incidents. When a security incident is reported, the organisation investigates it and isolates and contains the threat. This is followed by remediation efforts and a root-cause analysis to prevent a reoccurrence of the incident.

But such a reactive approach creates enormous opportunities for cyber criminals to both take advantage of known vulnerabilities and search for those that are yet unrealised.

New opportunities constantly evolve due to human error, faulty configurations in the infrastructure, flaws in the software, and problems with applications. Advanced cyber adversaries are skilled at locating the not-yet realised vulnerabilities.

And these criminals are increasingly successful in thwarting technology that should protect an organisation.

Report published by Deloitte.