
Are Businesses Shortchanging Cybersecurity Or Shortchanging Change Itself?

Issue link: https://resources.edgile.com/i/927570


At a recent private gathering of cybersecurity professionals, I watched how the conversation gravitated toward an analysis of two interesting facts: First, according to a survey commissioned by Gartner (paywall), businesses are increasing their cybersecurity budgets at a rate of 18%; second, data breaches increased at a rate of more than 40% from 2015 to 2016, based on a Bloomberg report.

From a financial point of view, we're getting a questionable return on our security investments. It begs the question: Are we investing enough in cybersecurity, or are the investments we're making not optimal? One way or another, businesses will need to close the cyber-readiness gap or become increasingly vulnerable to cyberthreats.

Responding To Change

For several reasons, we've arrived at a moment in history when businesses -- to borrow a line from Apple -- need to "think different" about their investments in cybersecurity. Business is driving a rapid change in the technology landscape. The cloud is providing the enterprise with immense value by providing greater access to information, services, customers, partners and employees while radically lowering the costs of services, transactions and communications. Additionally, the enterprise has embraced technologies to increase mobility, empower employees, enhance partnerships and strengthen customer relationships while accepting the growing roles that personal devices and social media are playing in business. This has challenged the traditional security models that most enterprises have leveraged to protect themselves.

The change in enterprise IT is both obvious and profound. Yet the way we make decisions for investing in security has not changed much at all over the last 20 years. Part of the problem is institutional. Industry frameworks that many enterprises have adopted -- like ISO 27001/27002 -- look at cybersecurity through a highly segmented lens, leading to the creation and adoption of many point solutions that sometimes overlap and that often fail to address the changing realities of the evolution taking place across the technology landscape. In addition, the frameworks don't allow for evaluating strategic investment tradeoffs or provide risk professionals with a long-term view of the problem.
