Cyber Security Reaches Critical Inflection Point

By Greg Tavarez

Cybersecurity is a strategic business imperative that requires CEOs and management teams to work to meet the expectations of the board, shareholders and regulators. Research firm ThoughtLab conducted a study, Cybersecurity Solutions for a Riskier World, which revealed that the COVID-19 pandemic brought cybersecurity to a critical inflection point.

The study, which analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending, indicated that material breaches rose 20.5% from 2020 to 2021, and cybersecurity budgets as a percentage of firms’ total revenue jumped 51%.

CISO roles expanded, with many taking on responsibility for data security at 49% of businesses, customer and insider fraud at 44%, supply chain management at 34%, enterprise and geopolitical risk management at 30% and digital transformation and business strategy at 29%.

Here’s the rub: While companies clearly are acknowledging the need for increased security, many are ill-prepared to follow through. In fact, 29% of CEOs and CISOs, and 40% of chief security officers, admitted their organizations are unprepared for a rapidly changing threat landscape.

The reasons cited include:

  • Supply chain complexity (44%)
  • Rapid pace of digital innovation (41%)
  • Inadequate cybersecurity budgets (28%)
  • Lack of executive support (28%).

The highest percentages of unprepared organizations were in critical infrastructure industries, such as health care (35%), the public sector (34%), telecoms (31%) and aerospace and defense (31%).

"The research shows that firms have made considerable progress against cybersecurity frameworks like NIST, but they need to do more to keep their organizations safe," said Paul Sussman, vice president at Booz Allen Hamilton.

Security executives are expecting an increase in attacks from social engineering and ransomware during the next two years. In particular, they anticipate known weaknesses to be exploited, including:

  • Software misconfigurations (49%)
  • Human error (40%)
  • Poor maintenance (40%); and
  • Unknown assets (30%).

To help reduce the probability of a material breach and the time it takes to find and respond to those that do happen, the benchmarking study revealed 10 best practices:

  1. Take cybersecurity maturity to the highest level
  2. Ensure cybersecurity budgets are adequate
  3. Build a rigorous risk-based approach
  4. Make cybersecurity people-centric
  5. Secure the supply chain
  6. Draw on latest technologies but avoid product proliferation
  7. Prioritize protection of links between information and operating technologies
  8. Harness intelligent automation
  9. Improve security controls for expanded attack surfaces
  10. Measure performance more effectively

"While there is no silver bullet, our evidence-based research reveals that organizations need to take their cybersecurity programs to a higher level of excellence by ensuring they are proactive, risk-based, human-centric, digitally advanced and properly resourced," said Lou Celi, CEO of ThoughtLab and the program’s research director.

For the latest information about the business cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security. MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more.




Edited by Erik Linask