Investing in cybersecurity: Are businesses really making a sound effort?
Blog by Biju Paul ( CEO & Founder - TopTech Informatics)
Businesses are increasingly raising the bar when it comes to spending on cybersecurity. Several factors are driving the demand. However, there is a need to constantly upgrade. The new strategy will require new funding and new ways to fight the threats
All around the world, there has been a spike in cyber-related breaches over the past two years. These threats work directly and indirectly and go beyond traditional risks. As a result, corporates are increasing their spending on cybersecurity. Industry estimates corroborate the trend. According to Gartner’s ‘2019 Worldwide Security Spending Projection’, worldwide spending on IT security will jump 8.7% this year, up to $124 billion as against the general IT spend, which is expected to grow by 3.2% this year.
Several factors have been triggering the spike in IT spend world-over. Here’s a small list of factors that have led to the current spike in spends:
The rise in compliances and regulations: New age privacy regulations such as the GDPR across economies and states have forced companies for greater accountability and responsibility. Compliance is thus a major factor that has forced corporates until now for greater spending on cybersecurity.
Innovation led technology transformation: Digital transformation is core to companies of tomorrow. A majority of companies today aim for a complete makeover and transformation basis the technology. And the transformation is not just for their clients but the way employees behave or work within the company ecosystem. However, digital transformation without much focus on cybersecurity will be meaningless.
Even the biggest of the corporations need to constantly align their efforts to this aspect. A recent case, where Cisco Systems was asked to pay US$8.6 mn after being accused of knowingly supplying faulty video surveillance technology containing serious security loopholes to various US federal and state governments and departments, highlights the point. Hence, there is a need for constant check and spending on security measures against cyber threats.
Small and medium enterprises and startups: Service providers are simply killing it! Organizations with medium to small budgets, especially startups, are looking for cost-effective solutions on cybersecurity. And small and medium level enterprises are in thousands today. Developed economies like the US has more than 10,000 startups alone. Countries such as the UK, India have seen huge growth in several such institutions. For instance, a recent study by insurance giant, Hiscox says 60% of companies in the UK have been affected by at least one attack in 2019. The notion that they are small and will not be on the radar of cybercriminals or are not prone to cyber threats, has proved to be wrong. This resulted in money loss, Hiscox study says. Hence, there is a need for constant technology upgrade on cybersecurity.
The dearth of necessary skills: This relates to the fact that organizations want to move up in the ecosystem and have a robust cybersecurity mechanism. In addition to the lack of talent, lack of resources has been identified as one of the key challenges towards the journey. Several corporates are therefore juggling between the decision to hire outside consultants and the decision to hire people within. Most, however, go with outsourced consultants and experts.
How is the spent scenario evolving?
Over the past decade, there has already been a shift in the way and manner organizations are focusing on cybersecurity. But they are still far from the intended results. Organizations are yet to fully understand the efficacy of their cybersecurity plan implemented so far. Market updates and industry discussions suggest their strategies are in place but concerns remain.
While companies are constantly spending on mitigating the risks they are worried about the desired outcome of their plans. The base question is - Are their risk mitigation plans mature enough to include newly introduced threats?
So what can be done?
Prioritize and kill: It is now accepted with new threats emerging everyday constant innovation is the need of the hour. Cybercriminals continue to find new ways to puncture through the firewalls of companies. With the complex nature of evolving attacks, it is required to create the priority order of these multiple attacks. So the IT teams can identify the most potentially damaging cyber threat among the many threats detected in a given time.
Bring in the data analysis: Several companies are applying the combined solutions involving artificial intelligence (AI), futuristic analysis and machine learning. Gradually, analytics has become a major component of all kinds of cybersecurity strategies witnessed across the globe. Hence, constant data collection and monitoring is the key. This approach holds a greater degree of success as compared to the traditional solutions-based approach.
As the world continues to develop on the existing strategies and approaches on cybersecurity, the investments will increase to include new arms and ammunitions. However, increasing complexities of cyber threats will keep us on our toes for the next round of strategy changeover and funding.