RSA conducted a global survey to understand how effective organizations are at detecting and investigating cyber threats. The research was designed to provide global insight into what technologies organizations use, what data they gather to support this effort, their satisfaction with the current toolsets, what new technologies they plan to invest in, and how they plan to evolve their strategies going forward. The survey data shows that organizations are relying on a fragmented foundation of data and technologies for detection and investigation. Because data remains siloed, visibility is incomplete, making it difficult to scope attacker activity. As a result, the speed with which they can detect and subsequently investigate threats becomes a major challenge. Understandably, respondents expressed deep dissatisfaction with their current threat detection and investigation capabilities. To successfully move forward, organizations need to plug gaps in visibility, take a more consistent approach to deploying the technologies that matter most, and accelerate the shift away from preventative strategies.