Onitio

The modern IT manager’s headache: More alerts, fewer resources


Organizations today have strong security tools in place. Yet IT leaders struggle with alert overload, limited capacity, and growing uncertainty around real risk. The challenge is no longer prevention alone, but readiness, structure, and the ability to respond when incidents occur.

Most teams have the tools. Few have the capacity to use them

Firewalls, EDR, identity protection, and network monitoring are now standard. The issue IT managers repeatedly raise is not lack of technology, but lack of time, structure, and people to act on what those tools detect.

When alerts pile up, teams are forced to prioritize only the most obvious incidents. Medium-severity signals are postponed, even though experience shows these often become the entry point for larger attacks if left unresolved.

This gap between detection and response grows more dangerous as attack frequency and complexity increase.

Diagram illustrating the growing gap between security detection and response, caused by rising threats and increasing attack complexity.

Today's threat landscape

The VikingCloud 2025 Cyber Threat Landscape Report [1], based on a survey of 200 cybersecurity leaders across the US, UK, and Ireland, highlights a clear shift:

  • 71% report increased attack frequency (up from 46% the year before)
  • 61% report increased severity
  • 59% experienced at least one successful cyberattack in the past 12 months
  • Over 50% lost more than 5% of annual revenue due to a single incident

Nearly 80% of leaders say they are concerned or extremely concerned about being targeted by nation-state attacks, often indirectly through software supply chains or third-party vendors.

Traditional security controls were not designed to detect long-term, stealthy attackers. As VikingCloud notes, many modern attacks focus on persistence, lateral movement, and delayed impact, rather than immediate disruption.

SMBs and value chains are exposed

This trend is echoed by Gjensidige, an insurance company well-known in Norway, Sweden, and Denmark. In their analysis of recent attack patterns, Gjensidige highlights that cybercriminals are targeting small and medium-sized businesses, not because they are less important, but because they are often easier to compromise. (Rønning, 2025)

Many SMBs play critical roles in larger value chains, making them effective stepping stones into bigger environments. Limited ability to respond around the clock means early warning signs often go unnoticed.

Why fast detection and response make the difference

Operational experience across incident response engagements shows a consistent pattern: the earlier suspicious activity is investigated, the smaller the impact tends to be.

Industry research supports this. According to the IBM Cost of a Data Breach Report [2], the global average cost of a data breach in 2025 is USD 4.44 million, down from USD 4.88 million the year before. Organizations that use AI and automation in their security operations shorten breach lifecycles by an average of 80 days and reduce costs by roughly USD 1.9 million.

The report also highlights how threats are evolving. Ransomware and extortion attacks can exceed USD 5 million when attackers disclose stolen data. At the same time, AI-driven attacks now contribute to roughly one in six breaches, often through AI-generated phishing or deepfake impersonation.

These findings reinforce a critical point: detection alone is not enough. Organizations must also be able to investigate and respond quickly, before attackers gain traction to expand their access and impact.

Want to understand how detection and active response work together? Read our article about Security Operations Control as a Service and Managed Detection and Response.

Security as a continuous operating model

Modern security leaders align their work with established frameworks such as the NIST Cybersecurity Framework, which emphasizes continuous processes across identifying, protecting, detecting, responding, and recovering.

The key takeaway is simple: Security works as a continuous operating discipline, or it doesn't work at all.

IT leaders are under pressure to reduce complexity, regain visibility, and make sure alerts consistently lead to action. This often requires rethinking how security operations are structured, not just what tools are deployed.

What now?

The critical question has shifted: "Do we have the structure, coverage, and capacity to use our security tools effectively?"

For many organizations, especially those without a dedicated SOC, this becomes a strategic discussion about priorities, readiness, and risk exposure. If this sounds familiar, the next logical step is to understand where your organization actually stands today.

Take a structured self-assessment across five areas: monitoring visibility, alert investigation, incident response readiness, operational coverage, and response effectiveness. Score yourself and see where the gaps are.

Download Readiness Guide


Take the self-assessment test and talk to us about what your score means, and which improvements would have the greatest impact for your business.


Talk to an expert about your current security readiness

If you want clarity on where gaps exist between detection, investigation, and response, this is the right next step.

We’ll connect you with an expert to assess your current setup and identify the measures that provide the greatest operational and security impact.

Source References

  • Rønning (2025). "These companies are extra vulnerable to cyber attacks" (Norwegian-language article). Gjensidige.
  • [1] VikingCloud. 2025 Cyber Threat Landscape Report.
  • [2] IBM. Cost of a Data Breach Report 2025: The AI Oversight Gap.