Cybersecurity is a strategic business imperative that requires CEOs and management teams to work to meet the expectations of the board, shareholders and regulators. Research firm ThoughtLab conducted a study, Cybersecurity Solutions for a Riskier World, which revealed that the COVID-19 pandemic brought cybersecurity to a critical inflection point.
The study, which analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending, indicated that material breaches rose 20.5% from 2020 to 2021, and cybersecurity budgets as a percentage of firms’ total revenue jumped 51%.
CISO roles expanded, with many taking on responsibility for data security at 49% of businesses, customer and insider fraud at 44%, supply chain management at 34%, enterprise and geopolitical risk management at 30% and digital transformation and business strategy at 29%.
Here’s the rub: While companies clearly are acknowledging the need for increased security, many are ill-prepared to follow through. In fact, 29% of CEOs and CISOs, and 40% of chief security officers admitted their organizations are unprepared for a rapidly changing threat landscape.
The reasons cited include:
- Supply chain complexity (44%)
- Rapid pace of digital innovation (41%)
- Inadequate cybersecurity budgets (28%)
- Lack of executive support (28%).
The highest percentages of unprepared organizations were in critical infrastructure industries, such as health care (35%), the public sector (34%), telecoms (31%) and aerospace and defense (31%).
"The research shows that firms have made considerable progress against cybersecurity frameworks like NIST, but they need to do more to keep their organizations safe," said Paul Sussman, vice president at Booz Allen Hamilton.
Security executives are expecting an increase in attacks from social engineering and ransomware during the next two years. In particular, they anticipate known weaknesses to be exploited, including:
- Software misconfigurations (49%)
- Human error (40%)
- Poor maintenance (40%)
- Unknown assets (30%).
To help reduce the probability of a material breach and the time it takes to find and respond to those that do happen, the benchmarking study revealed 10 best practices:
- Take cybersecurity maturity to the highest level
- Ensure cybersecurity budgets are adequate
- Build a rigorous risk-based approach
- Make cybersecurity people-centric
- Secure the supply chain
- Draw on latest technologies but avoid product proliferation
- Prioritize protection of links between information and operating technologies
- Harness intelligent automation
- Improve security controls for expanded attack surfaces
- Measure performance more effectively
"While there is no silver bullet, our evidence-based research reveals that organizations need to take their cybersecurity programs to a higher level of excellence by ensuring they are proactive, risk-based, human-centric, digitally advanced and properly resourced," said Lou Celi, CEO of ThoughtLab and the program’s research director.
Edited by Erik Linask