Cyber Security Reaches Critical Inflection Point



By Greg Tavarez

Cybersecurity is a strategic business imperative that requires CEOs and management teams to work to meet the expectations of the board, shareholders and regulators. Research firm ThoughtLab conducted a study, Cybersecurity Solutions for a Riskier World, which revealed that the COVID-19 pandemic brought cybersecurity to a critical inflection point.

The study, which analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending, indicated that material breaches rose 20.5% from 2020 to 2021, and cybersecurity budgets as a percentage of firms’ total revenue jumped 51%.

CISO roles expanded, with many taking on responsibility for data security at 49% of businesses, customer and insider fraud at 44%, supply chain management at 34%, enterprise and geopolitical risk management at 30% and digital transformation and business strategy at 29%.

Here’s the rub: While companies clearly are acknowledging the need for increased security, many are ill-prepared to follow through. In fact, 29% of CEOs and CISOs, and 40% of chief security officers admitted their organizations are unprepared for a rapidly changing threat landscape.

The reasons cited include:

  • Supply chain complexity (44%)
  • Rapid pace of digital innovation (41%)
  • Inadequate cybersecurity budgets (28%)
  • Lack of executive support (28%)

The highest percentages of unprepared organizations were in critical infrastructure industries, such as health care (35%), the public sector (34%), telecoms (31%) and aerospace and defense (31%).

"The research shows that firms have made considerable progress against cybersecurity frameworks like NIST, but they need to do more to keep their organizations safe," said Paul Sussman, vice president at Booz Allen Hamilton.

Security executives are expecting an increase in attacks from social engineering and ransomware during the next two years. In particular, they anticipate known weaknesses to be exploited, including:

  • Software misconfigurations (49%)
  • Human error (40%)
  • Poor maintenance (40%)
  • Unknown assets (30%)

To help reduce the probability of a material breach and the time it takes to find and respond to those that do happen, the benchmarking study revealed 10 best practices:

  1. Take cybersecurity maturity to the highest level
  2. Ensure cybersecurity budgets are adequate
  3. Build a rigorous risk-based approach
  4. Make cybersecurity people-centric
  5. Secure the supply chain
  6. Draw on latest technologies but avoid product proliferation
  7. Prioritize protection of links between information and operating technologies
  8. Harness intelligent automation
  9. Improve security controls for expanded attack surfaces
  10. Measure performance more effectively

"While there is no silver bullet, our evidence-based research reveals that organizations need to take their cybersecurity programs to a higher level of excellence by ensuring they are proactive, risk-based, human-centric, digitally advanced and properly resourced," said Lou Celi, CEO of ThoughtLab and the program’s research director.


Edited by Erik Linask

MSPToday Editor
