Innovation is changing the cybersecurity game, giving new advantages to defenders and leveling the playing field with attackers. Cyber startups are hot: in the past decade, some two dozen have attained IPO or M&A values of $1 billion, 10 of them in the last two years, according to CB Insights.
And the existing array of cyber solutions has matured, enabling a shift to Zero Trust architectures, real-time threat intelligence, security orchestration and automation, advanced endpoint protection, identity and access management, and other advanced technologies — prompted in large part by a threefold growth in cloud services.
Early switchers have taken advantage of these developments. But, more important, they’re investing in the classic digital transformation trifecta — people, processes, and technologies — to close the wide lead that attackers have long held.
In our Global DTI 2021 survey, we looked at 25 new cybersecurity approaches and practices (see chart) and tracked the measures on which organizations say they’ve made significant progress.
A minority — between 15% and 19% — of executives say they’re already benefiting from some of these new practices. This is the group we call, "early switchers."
Executives from large organizations ($1B+) are more likely to report benefits from making a strategic shift (their “cybersecurity team collaborates more with the business side in delivering business outcomes”); switching to advanced technologies (“investing in advanced technologies to improve the effectiveness of my organization's cyber defense and security detection capabilities”); and restructuring operations (“reducing the cost of cyber operations via automation, rationalisation and/or other solutions.”)
Executives from the largest organizations ($10B+) are more likely to report gains from using security models and technologies such as Zero Trust, managed services, virtualization, and accelerated cloud adoption.
Overall, the 3,249 survey respondents reported making ‘significant progress’ over the past three years on an average of six measures, signaling better risk management, greater resilience, increased stakeholder trust, or faster digital transformation. The top outcomes — reported by 43% of executives — are improved customer experiences, quicker responses to incidents and disruptions, and better prevention of successful attacks.
But an elite group of early switchers — those who report realizing benefits from 20 or more of the 25 new practices — say they have made significant progress on at least 12 outcomes.
On the other hand, those who haven’t yet shifted to new practices report significant progress on only two or three outcomes.
These findings suggest that investing in every advantage in technologies, processes and the capabilities of your people is critical to making meaningful headway against attackers. And it underscores the importance of having a CISO who can serve as transformational leader or operational leader/master tactician.
Companies are rapidly moving their operations (75%) and security (76%) to the cloud. They’re doing away with static, inherently insecure legacy systems in favor of more dynamic, nimble integrated cloud/network systems that are secure by design.
CISOs who transition their organization to the cloud are able to build in hygiene mechanisms from the beginning — in automated ways. They’re also able to eliminate friction from the system and simplify service delivery to their customers.
More than a third (35%) of executives strongly agree that moving to the cloud is foundational for the next generation of business solutions for their organization. And 36% strongly agree that new solutions exist to secure cloud infrastructures better than they have ever been in the past.
Larger organizations with more resources are applying new technologies and mindsets to turn the tables on attackers. But as the technologies become more affordable and the models refined, small and medium-sized enterprises can benefit as well.