I love the world of technology. Starting my career as a programmer (now called a ‘developer’) opened my eyes to what technology could do. The advances in technology (Moore’s Law and the rest) over the past quarter-century have been mind-boggling. Cybersecurity has benefited from these technology developments, with a huge range of software available to prevent, detect, and respond to threats and cyberattacks.
Certainly, security technology is a crucial component of an organization’s security posture (overall cybersecurity strength). Often, the layperson’s view – perpetuated by much of the media – is that cybersecurity is deeply technical, focused on repelling the hoodied hacker, and therefore all about the technology.
But focusing only on security products, and expecting them to be the ultimate weapon in the war against the cyberthreat landscape, fails to take into consideration the broader picture that all organizations face. Spend a few hours with an information security or cybersecurity specialist and it quickly becomes apparent that security is about so much more.
Maintaining an effective cybersecurity posture is an ongoing approach across an organization, taking inputs from the security levers of governance, risk, compliance, people, and process, as well as technology. Threats are not only technical in nature; social engineering and organizational insiders not following processes are just two examples of threats that are poorly defended against by technology alone.
However, driven by compliance demands as well as protecting reputation, significant investment in security products will continue – Ovum’s Market Forecast for security software puts global spend at almost $57 billion by 2022, a CAGR of 7.4%. The market for outsourced security services is expected to reach nearly $31 billion in the same period, a CAGR of 12%.
The higher CAGR for outsourced security demonstrates the difficulties that enterprises in all sectors face with managing the myriad security products they have deployed (let alone those products purchased that still sit on the shelf), as well as the challenges of finding staff to manage those products. Moving aspects of security management to a service provider can help alleviate some of these difficulties.
Investment in security products will become more focused as organizations move towards a holistic view of their cybersecurity posture, no longer expecting individual pieces of software to be the silver bullet they have often promised to be. Enterprises value security technology vendors and service providers that can demonstrate understanding of the bigger security picture and approaches being taken by enterprises, combined with business outcomes from the product or service. Technology is wonderful but is only a part of what security needs.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer.