Cybersecurity is key in any business because cyber attacks are a daily occurrence, and when an organization is breached, millions or even billions of dollars are lost to lawsuits, fines and lost revenue. And regaining customer trust? Well, that could take years to build back…if ever.
Because of this, I believe that one of the biggest trends to impact cybersecurity in the coming year is the growing importance for organizations to view cyber risk as a measure of business risk because cybersecurity is no longer just the responsibility of IT, and the “checking the box” mentality doesn’t work in today’s environment. Instead, those in the C-suite are being held responsible when a breach occurs, and the C-suite and board members are starting to understand with greater urgency the association between cyber risk and corporate performance.
The Cyber Trendscape Report by FireEye found that over 90% of organizations surveyed believe that the cyber threat landscape will stay the same or worsen in 2020, but just over half do not believe they are ready for, or would respond well to, a cyber attack or breach event. Further compounding this is that nearly one-third (29%) reported that their cyber attack and breach response plans have not been tested or updated in the last 12 or more months! Clearly, there is a gap between those in the C-suite and security teams who are not measuring cyber risk and its impact on a company’s financial, operational and brand risk.
In 2020, I believe that we will see the following three key changes:
- Security leaders will be challenged to better align cybersecurity systems performance with the overall performance of the business.
- Security teams will increasingly measure and report on cybersecurity effectiveness in quantifiable terms and using evidence-based data.
- The C-suite will continue to mature in understanding security’s relevance, and demand clear evidence that security investments are having a positive impact on key business areas that include business continuity, company valuations, regulatory compliance, and rationalization of investments.