Most IT teams have their hands full responding to user support requests, making sure backups run, patching servers, and handling a host of other operational tasks. It’s difficult to find the time to sit down and develop an overarching cybersecurity strategy.
Only the very largest organizations have a fully staffed, around-the-clock security operations center. In most firms, the IT team works during business hours, with an on-call rotation to handle after-hours support requests. If there are IT personnel working nights and weekends, they’re likely short-handed. If a cyberattack occurs, they’re going to have a hard time responding quickly to mitigate the threat.