Cyber Security Reaches Critical Inflection Point

Cyber Security Reaches Critical Inflection Point

By Greg Tavarez

Cybersecurity is a strategic business imperative that requires CEOs and management teams work to meet the expectations of the board, shareholders and regulators. Research firm ThoughtLab conducted a study, Cybersecurity Solutions for a Riskier World, and revealed that the COVID-19 pandemic brought cybersecurity to a critical inflection point.

The study, which analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending, indicated that material breaches rose 20.5% from 2020 to 2021, and cybersecurity budgets as a percentage of firms’ total revenue jumped 51%.

CISO roles expanded, with many taking on responsibility for data security at 49% of businesses, customer and insider fraud at 44%, supply chain management at 34%, enterprise and geopolitical risk management at 30% and digital transformation and business strategy at 29%.

Here’s the rub: While companies clearly area acknowledging the need for increased security, many are ill-prepared to follow through. In fact, 29% of CEOs and CISOs, and 40% of chief security officers admitted their organizations are unprepared for a rapidly changing threat landscape.

The reasons cited include:

  • Supply chain complexity (44%)
  • Rapid pace of digital innovation (41%)
  • Inadequate cybersecurity budgets (28%)
  • Lack of executive support (28%).

The highest percentages of unprepared organizations were in critical infrastructure industries, such as health care (35%), the public sector (34%), telecoms (31%) and aerospace and defense at (31%).

"The research shows that firms have made considerable progress against cybersecurity frameworks like NIST, but they need to do more to keep their organizations safe," said Paul Sussman, vice president at Booz Allen Hamilton.

Security executives are expecting an increase in attacks from social engineering and ransomware during the next two years. In particular, they anticipate known weaknesses to be exploited, including:

  • Software misconfigurations (49%)
  • Human error (40%)
  • Poor maintenance (40%); and
  • Unknown assets (30%).

To help reduce the probability of a material breach and the time it takes to find and respond to those that do happen, the benchmarking study revealed 10 best practices:

  1. Take cybersecurity maturity to the highest level
  2. Ensure cybersecurity budgets are adequate
  3. Build a rigorous risk-based approach
  4. Make cybersecurity people-centric
  5. Secure the supply chain
  6. Draw on latest technologies but avoid product proliferation
  7. Prioritize protection of links between information and operating technologies
  8. Harness intelligent automation
  9. Improve security controls for expanded attack surfaces
  10. Measure performance more effectively

"While there is no silver bullet, our evidence-based research reveals that organizations need to take their cybersecurity programs to a higher level of excellence by ensuring they are proactive, risk-based, human-centric, digitally advanced and properly resourced," said Lou Celi, CEO of ThoughtLab and the program’s research director.

For the latest information about the business cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security.  MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more.

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

PrinterLogic Solidifies Commitment to Customer Data Security with ISO Certification

By: Greg Tavarez    3/29/2023

PrinterLogic's SaaS platform received International Organization for Standardization 27001:2013 certification to mark its commitment to constantly imp…

Read More

FinOps-as-a-Service will be a Massive Threat or Opportunity for MSPs

By: Matthew Vulpis    3/29/2023

The rapid rise of FinOps should be seen as a bountiful opportunity for MSPs, as the core concepts make FinOps the ideal program for MSPs to drive.

Read More

Mutare Brings Together Cybersecurity Community to Raise Vishing Awareness

By: Greg Tavarez    3/28/2023

Mutare is collaborating with government agencies, business coalitions and private industry in an educational campaign to raise awareness of the risks …

Read More

Only 15% of Organizations Deemed Mature Enough to Defend Against Cybersecurity Risks

By: Greg Tavarez    3/28/2023

Fifteen percent of organizations globally have the maturity level of readiness needed to be resilient against today's modern cybersecurity risks, acco…

Read More

Opti9 Offerings Strengthen Veeam Customers' Security Stacks

By: Greg Tavarez    3/28/2023

Opti9 introduced its standalone offerings for Veeam, which are managed services for Veeam Software and its AI-based ransomware detection and remediati…

Read More