Report: The Challenges False Positives Create for the Cybersecurity Industry


CRITICALSTART’s report, The Impact of Security Alert Overload, details the challenges false positives are creating for the cybersecurity industry. After surveying Security Operations Center (SOC) professionals at enterprises, Managed Security Service Providers (MSSPs), and Managed Detection and Response (MDR) providers, CRITICALSTART found that 70% of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018, when just 45% reported investigating double-digit alert counts each day. 

Perhaps even more alarming is that respondents reported a false-positive rate of 50% or higher, meaning that at least half of the time spent on alert investigation goes to benign events rather than real threats. That is valuable time that could be used to strengthen an organization’s security posture instead of chasing cyber ghosts.

Other key findings from the report include:

  • The clock’s ticking: 78% of respondents said it takes more than 10 minutes to investigate each alert, a significant increase from 64% who said the same in 2018.
  • Quantity over quality: Only 41% of survey respondents said their primary responsibility is to analyze and remediate threats; the rest said their main job is to reduce investigation times and alert volumes. That is a dramatic decrease from 70% in 2018.
  • Training drain: Nearly half of those surveyed said they receive 20 hours or less of training per year.