LevelBlue Finds that Rapid Tech Advancements Leave IT Leaders Balancing Risk and Innovation

The rapid pace of technological change that we have seen is unfortunately outstripping the ability of many IT leaders to fully grasp the entirety of their IT infrastructure, typically referred to as the IT estate. This lack of visibility stems from a complex mix of factors.

Legacy systems, built years ago, often coexist alongside modern cloud-based solutions and open-source software. Further complicating matters, ongoing digital transformation initiatives introduce new technologies at a breakneck speed. This disjointed IT landscape makes it difficult for IT leaders to effectively manage resources, identify security vulnerabilities and ensure smooth operation.

Because IT leaders are having a tough time, 85% of them believe that computing innovation is increasing risk, according to the 2024 Futures Report: Beyond the Barriers to Cyber Resilience, by LevelBlue. Additionally, 74% of global respondents confirmed that the opportunity of computing innovation outweighs the corresponding increase in cybersecurity risk, which makes cyber resilience nearly impossible to achieve.

That then raises a question. What is preventing cyber resilience?

According to LevelBlue’s research, “There is no easy answer.” With that said, it likely comes down to business leaders making decisions that weaken their cybersecurity posture due to several factors.

Complex IT environments force tough choices, and essential security needs can be overlooked. Examples include unpatched software vulnerabilities, insecure applications with privacy risks, poorly configured cloud migrations and unmapped endpoints.

Cyber resilience requires strong leadership support, which is currently lacking. Over 60% of respondents say their leaders don't prioritize resilience, and 72% report a lack of understanding on the board. While some IT teams try to bridge the gap, silos hinder a unified approach. This exposes businesses to significant risks, as evidenced by real-world cyber incidents.

Accepting some risk is inevitable, but with limited investment in cyber resilience, leaders may be underestimating the potential damage. This creates a precarious situation for IT and security professionals.

“Businesses are less resilient than they should be, despite multiple high-profile cyberattacks and the knowledge that, for most, any widespread interruption to computing would be catastrophic,” said Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity/LevelBlue. “Our research shows that despite the potential for cybersecurity to support safer innovation — and therefore drive better outcomes — most respondents admit their cybersecurity is siloed or an afterthought.”

To best achieve cyber resilience, the LevelBlue Futures Report recommends five specific steps:

• Identify the barriers to cyber resilience: To build strong cyber resilience, a comprehensive evaluation is crucial. This assessment should identify vulnerabilities and analyze how physical and software supply chains impact decision-making. By pinpointing these obstacles, organizations can develop effective strategies to bolster their defenses.
   
• Be secure by design: Organizations should evaluate their next-generation computing requirements and integrate security measures from the start. This ensures compliance with regulations and minimizes potential security risks.
   
• Align cyber investment with business: Organizations must foster collaboration across departments and strategically allocate resources to create alignment between cybersecurity efforts and core business goals.
   
• Build a support ecosystem: To boost their expertise and accelerate real-time decision making, organizations can establish strategic partnerships with external collaborators.
   
• Transform cybersecurity strategies: Organizations must regularly update their tools and capabilities to stay ahead of evolving threats and a growing attack surface.

“The launch of the LevelBlue Futures Report serves as a further testament of our commitment to deliver the latest research to the industry, helping organizations better prepare for cyberattacks, more efficiently allocate IT budget and experience increased cyber resilience,” said Bob McCullen, chairman and CEO of LevelBlue. “We’re excited to continue delivering forward-looking, vendor neutral industry research to better inform our customers and the future industry at large.”