
CISOs should report directly to the CEO

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 29 Jun 2018
CEOs need to understand cyber risks.

An increasingly stringent regulatory environment, combined with an increasingly complex and sophisticated threat landscape, is making cyber security a business-critical function. However, it remains a non-core competency for most C-suite executives.

This was revealed by data and analytics company GlobalData's recent report, called 'Cybersecurity'. In addition, the report said that although chief information security officers (CISOs) have become increasingly common in recent years, the majority do not report directly to the CEO, which reduces their effectiveness.

Cyrus Mewawalla, head of Thematic Research at GlobalData, says: "The frequency of cyber attacks is only likely to accelerate over the coming years, therefore it is vital that senior executives have a full understanding of the inherent risks and implications. The losers will be those companies whose boards do not take cyber security seriously, as they run a higher risk of being hacked."

He adds that it's hard to assess a company's exposure to cyber security risk, but the composition of the board often provides clues. "CEOs who do not have a CISO reporting directly to them are at a greater risk."

Active detection

Mewawalla says that traditionally, the majority of organisations have adopted a prevention-based approach to cyber security, but advances in technology areas such as artificial intelligence (AI) and machine learning are facilitating a move towards the active detection of threats.

"This allows pre-emptive action to be taken to stop breaches before they occur and also serves to free up resources currently occupied with chasing false positives from existing, more reactive systems."

He says GlobalData expects spending on AI cyber security solutions to grow significantly over the coming years. "Our figures show that organisations around the globe spent a combined $114bn on security products, including hardware and software, as well as services last year."

By 2021, he says, the figure is expected to have passed $140bn, at a compound annual growth rate (CAGR) of 6%. Spending on services accounted for 68% of total spending in 2017, and this share will remain relatively steady through 2021, despite the CAGR of the services segment (4.9%) being outstripped by that of products (7.7%).

Diverse threats

According to him, another area for future growth is unified threat management. These solutions can tackle diverse threats and address the problems faced by businesses that have accumulated myriad security products from a wide range of vendors, resulting in a muddled security posture that lacks integration.

Mewawalla says: "There is an ongoing move away from a prevention-based approach to cyber attacks and towards active detection of threat actors using intelligence-led tools. CISOs and security executives are increasing investment in detection and response-based offerings such as deception technology, software-defined segmentation and behaviour analytics."

He says an increased focus on detection and response can free up resources that are occupied with chasing false positives.
