In 2019, organizations of all shapes and sizes will be looking for a better news year when it comes to cybersecurity. Or, at least, they will be hoping that their organization doesn't appear in the headlines. The reality is that the fight continues – as sure as the sun sets each day, new security threats will continue to appear on the horizon. What we do know is that we don't know what is ahead.
New methods of working, new digital technologies, and new people in transient roles combine in ways that make it impossible to decide where the next threat will come from. And these threats are increasing in sophistication: threat actors include organized criminal groups, nation states, and "hacktivists," many of them with access to the same resources as those defending organizations from cyber breaches.
But in 2019, organizations can be better prepared to prevent, detect, and respond to cyberattacks. During 2018 we saw evidence of many enterprises moving away from point products, frequently purchased in an uncoordinated manner to address the latest threat. Instead, these organizations have built a risk-based approach to security, consequently developing a broader view of cybersecurity posture. Along with people and process security controls, existing security technology investments are still being maximized to mitigate risk, but as the enterprise approach to cybersecurity and digital risk evolves, these investments are being reviewed and coordinated.
Yet, this risk-based approach doesn't apply to every organization – Ovum's ICT Enterprise Insights 2018/19 shows that fewer than 15% of surveyed organizations globally have developed a proactive approach to cybersecurity and digital risk. Cybersecurity is now a board-level issue for many organizations, but this often means no more than the CISO being asked by the board if they have ticked all the boxes. Changing organizational attitudes to cybersecurity and digital risk is a new ballgame.
There is, however, good news on the horizon. The same Ovum survey shows that between 40% and 50% of surveyed organizations recognize this need and are advancing in their development of such an approach. This means that 2019 could be a better cybersecurity news year – at least for these organizations not appearing in the headlines.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.