Take any week of any year and you can bet there'll be a report of a cybersecurity breach somewhere. There's no getting away from it: the more businesses embrace digital technologies and business models, the more tempting targets they make for criminals. But the mere fact that they are targets does not explain why so many attacks are successful – and successful they are: in a recent Accenture research report the businesses we spoke to claimed to suffer two or three successful security breaches every month.
Solving the cybersecurity challenge is one of the most important business challenges of our age – if not the most important. CISOs are, of course, aware of this, and businesses are spending vast sums on beefing up their security defences. In fact, spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021. So why, despite all this investment, are cybercriminals so successful? What are we doing wrong and how can this be addressed?
Over the course of this special blog series, I intend to provide answers to these critical questions. I shall demonstrate that there are two essential problems that are stopping the market from responding more effectively to the security threat.
The two barriers to better security
The first problem is one of leadership. Although some 70% of company executives now believe cybersecurity is a boardroom issue, the fact on the ground is that far too few executives are actively engaged in the security strategies of their organizations. The real challenge here is for organisations to go beyond CEO and board support to practical engagement.
The second problem involves the CISO: the critical player in any company's cyber response. All too often, CISOs simply do not have full control of all elements of their company's security capabilities – indeed, in most organisations CISOs are only in direct control of between a third and a half of the security capability. The result is that even when a CISO knows what needs fixing, they often lack the authority and control to make the necessary changes.
A subset of this problem is the proliferation of IT systems in businesses, which is adding unnecessary complexity. We've found that the average CISO has to corral more than 55 point solutions, most of which are neither integrated nor connected. In effect, they're being asked to plug the cracks in a dam with band aids – and the dam's threatening to burst at any moment.
Building a cyber-committed business
As I will set out over this blog series, winning the war against cybercriminals requires businesses to take three key actions:
Put in place cyber-committed CEOs and boards that are engaged with how cybersecurity impacts the business, how it affects risk, and how it creates opportunities
Empower CISOs and give them complete authority over the enterprise security apparatus
Replace piecemeal security tools with a consolidated and holistic solution
In my next blog, I'll look at the first of these considerations and explain why modern business leadership needs to be 100% committed to its business's cybersecurity strategy.