Senior business executives are finally taking cyber security threats seriously, according to new research from Gartner.
In research released last week, the analysts identified what they argue are the top six security and risk management trends, ranging from the expected technology advancements to fresh geopolitical and regulatory considerations.
At the top of the list is an increased appreciation among the C-suite of the risks cyber attacks pose to business goals and corporate reputation.
According to Gartner analysts, “IT security is a board-level topic and an essential part of any solid digital business strategy.”
That hasn’t always been the case and, Gartner says, it’s taken a string of high-profile security incidents to elevate security concerns. The Equifax data breach alone, which cost the CEO, CIO and CSO their jobs and caused worldwide damages of between $1.5 and $4 billion, should be enough to make senior executives acknowledge the challenge.
“Business leaders and senior stakeholders at last appreciate security as much more than just tactical, technical stuff done by overly serious, unsmiling types in the company basement,” said a Gartner research VP, who noted this trend was creating an opportunity for security firms to work more closely with business leadership.
The Gartner research had a global focus, but there are also signs cybersecurity is quickly rising up the agenda of Australian boards. Research from industry body AustCyber suggests risk awareness by business leaders is improving – the majority of Australian executives are briefed at least quarterly on cyber risks and mitigation strategies – but Australia still lags compared to many of its neighbours.
“In 35 per cent of companies surveyed across Asia, cyber security programs are dealt with by top-level executives and board members, although the number is still significantly lower (at around 19 per cent) in Australia,” according to AustCyber’s Australian Cyber Security Sector Competitiveness Plan.
The rapidly changing security environment means Australian organisations need to stay vigilant and abreast of industry trends, according to AustCyber.
“Cyber adversaries are constantly contriving new ways to exploit vulnerable systems and networks, thus forcing organisations—from banks to energy companies, from government agencies to charities—to strengthen their cyber defences,” said AustCyber CEO, Michelle Price.
Price told Which-50 the cyber threat is also driving a booming global industry.
“The increasing security needs of these organisations are expected to underpin the rapid growth and evolution of the global cyber security industry over the next decade, with global spending on cyber security expected to reach over US$251 billion by 2026.”
Gartner’s following five cyber security trends underscore the evolving complexity in the space.
Legal and Regulatory Mandates
Gartner analysts argue data has become the “lifeblood” of digital businesses and its misuse comes with considerable consequences, as demonstrated by the recent Cambridge Analytica scandal.
In addition to legal and brand consequences, failure to protect data is now much more likely to draw the attention of newly emboldened regulators. GDPR has set a new high watermark for any businesses involved in the use or collection of Europeans’ data.
In Australia, regulators are now armed with the new National Data Breach scheme, which mandates organisations be more transparent about data and security breaches. And the early signs suggest the scheme is working, with the number of breaches reported rising considerably since the scheme’s inception.
According to the Gartner research, cybersecurity solutions are rapidly shifting to the cloud in order to deal with the amount of data required for new detection technologies and authentication models – a data requirement that “can quickly overwhelm current on-premises security solutions”.
It means organisations should now consider the data management and machine learning capabilities of security investments, Gartner analysts said.
The machine learning effect
Machine learning has the potential to transform enterprise, and that includes cybersecurity. Gartner notes the shift to cloud creates an ability to “exploit machine learning to solve multiple security issues”.
Gartner claims by 2025 machine learning will be a standard practice for security solutions and help offset the dearth of talent in the industry. But they also caution there is still a lot of machine learning noise to cut through.
“Unless a vendor can explain in clear terms how its machine learning implementation enables its product to outperform competitors or previous approaches, it’s very difficult to unpack marketing from good machine learning.”
Geopolitics and cybersecurity
Cyber warfare, cyber political interference, and demands from governments for “backdoor access” to software and services are adding to traditional security considerations, according to the Gartner research, which used alleged perennial threats China and Russia as examples of the new geopolitical factor.
It is now “vital” to account for geopolitics in the consideration of partners, according to Gartner analysts, who recommend organisations include supply chain source questions in RFIs, RFPs and contracts.
Digital, Centralised Power
“The internet is driving a wave of centralisation,” according to the Gartner research, which used cloud computing as an example. While cloud presents several benefits, security leaders must consider the risks of cloud too.
If the risks of centralising digital assets are too great and threaten organisational goals, organisations are well served to explore decentralised solutions, according to Gartner.