In 2019, organisations of all shapes and sizes will be looking for a better news year when it comes to cybersecurity. Or, at least, they will be hoping that their organisation doesn’t appear in the headlines. The reality is that the fight continues – as sure as the sun sets each day, new security threats will continue to appear on the horizon. What we do know is that we don’t know what is ahead.
New methods of working, new digital technologies, and new people in transient roles combine in ways that make it impossible to decide where the next threat will come from. And these threats are increasing in sophistication: threat actors include organised criminal groups, nation states, and “hacktivists,” many of them with access to the same resources as those defending organisations from cyber breaches.
But in 2019, organisations can be better prepared to prevent, detect, and respond to cyberattacks. During 2018 we saw evidence of many enterprises moving away from point products, frequently purchased in an uncoordinated manner to address the latest threat. Instead, these organisations have built a risk-based approach to security, consequently developing a broader view of cybersecurity posture. Along with people and process security controls, existing security technology investments are still being maximised to mitigate risk, but as the enterprise approach to cybersecurity and digital risk evolves, these investments are being reviewed and coordinated.
Yet, this risk-based approach doesn’t apply to every organisation – Ovum’s ICT Enterprise Insights 2018/19 shows that fewer than 15% of surveyed organisations globally have developed a proactive approach to cybersecurity and digital risk. Cybersecurity is now a board-level issue for many organisations, but this often means no more than the CISO being asked by the board if they have ticked all the boxes. Changing organisational attitudes to cybersecurity and digital risk is a new ballgame.
There is, however, good news on the horizon. The same Ovum survey shows that between 40% and 50% of surveyed organisations recognise this need and are advancing in their development of such an approach. This means that 2019 could be a better cybersecurity news year – at least for these organisations not appearing in the headlines.