 
    New global business research shows how security sprawl increases risk
International research for Barracuda shows that 65% of organizations believe they have too many security tools, and over half (53%) say their tools can’t be integrated. This lack of integration significantly weakens defenses, with 77% saying it hinders detection and 78% citing challenges in threat mitigation.
According to new international research commissioned by Barracuda from Vanson Bourne, the security complexity of a modern organization keeps over a third (38%) of security professionals awake at night. This is even higher for respondents in companies with 1,000 to 2,000 employees (42%), and in the education (48%) and healthcare (42%) industries.
The study polled 2,000 senior security decision-makers in IT and finance/business roles in the U.S., UK, France, DACH, Benelux, the Nordics, Australia, India and Japan — across a wide range of industries and in companies with between 50 and 2,000 employees.
Too many tools undermine protection
Organizations today need to manage a multitude of computing devices, data, software applications, cloud-based assets, and more, all connected to each other and to the outside world. Every new addition and connection point needs to be protected. Over time, IT security teams end up juggling a collection of security tools, often from different vendors, each brought in to address a specific concern or gap. These tools all require continuous monitoring and management.
The findings of the new research show that most organizations struggle with security sprawl: 65% of respondents overall believe their organization is trying to juggle too many security tools and/or vendors, rising to 69% among organizations that had experienced a ransomware or email breach in the last year.
More than half (53%) of those surveyed say their security tools can’t be integrated with each other, creating fragmented environments that are difficult to manage and secure.
 
    
    
    
These under-managed IT security environments increase risk. For example, 80% of respondents report that the lack of security tool integration increases the time required to manage security, while 81% cited higher overall costs. Additionally, it significantly weakens threat defense capabilities, with 77% saying it hinders detection and 78% citing challenges in threat mitigation.
The situation is bleakest in education and local government, with healthcare and recreation and entertainment not far behind — industries that often struggle with security resourcing and are prominent targets for cyberattacks.
 
    
    
    
The hidden risk of misconfiguration
According to the 2025 Verizon Data Breach Investigation Report, 30% of the data breaches resulting from human error last year involved misconfiguration.
With security attention often focused on the scale and sophistication of email-based social engineering, credential theft and malware exploits, it can be easy to overlook the fact that one incorrectly configured security or other tool can be all it takes to give attackers access to your network.
It’s therefore concerning that only a minority (32%) of respondents are fully confident that their security tools are properly configured, leaving organizations vulnerable to breaches caused by hidden misconfigurations.
Removing complexity
For connected organizations, long-term cyber-resilient security depends on reducing complexity, enhancing visibility, consolidating and integrating security solutions — and getting to grips with the spiralling demands of security deployment and management and the daily wave of alerts and alarms.
For resource-constrained organizations, this is a daunting list. But it’s not as intimidating as it looks — and here’s why.
First, there are people and partners who have the skills and capacity to help.
More than half (52%) the organizations surveyed had asked a managed service provider to help them cope with the growing number of security tools they’d acquired. This proportion stayed the same regardless of the size of the organization.
Second, there are advanced security platforms that take away the strain of integrating and managing solutions and detecting and responding to threats. These platforms enable IT security teams or their MSPs to catch issues before they become a problem — such as spotting misconfigured or inactive security tools.
The power of platform protection
There is a saying in cybersecurity that attackers only need to get it right once, while defenders need to get it right every time. An integrated cybersecurity platform makes that job easier by ensuring security teams can see what’s going on across the board at any moment in time and address issues immediately.
An integrated platform streamlines and simplifies cybersecurity management, minimizes security gaps and human errors, reduces the workload on IT teams and improves productivity.
BarracudaONE™ is an AI-powered cybersecurity platform that unifies Barracuda’s comprehensive portfolio of solutions alongside end users’ existing security tools. The platform delivers integrated threat protection through a centralized dashboard to maximize protection and cyber resilience while being easy to buy, deploy and use.
You can find out more here.
 
    
    
    
The Ransomware Insights Report 2025
Key findings about the experience and impact of ransomware on organizations worldwide
Subscribe to the Barracuda Blog.
Sign up to receive threat spotlights, industry commentary, and more.
 
    
    
    
Managed Vulnerability Security: Faster remediation, fewer risks, easier compliance
See how easy it can be to find the vulnerabilities cybercriminals want to exploit
 
     
             
             
             
            