C-suite must discern between cybersecurity and cyber resilience – Technologist
Everest Group is calling on enterprises to make the critical shift in focus from cybersecurity to cyber resilience. While cybersecurity focuses on safeguarding against threats, cyber resilience emphasizes the ability to withstand, respond and recover quickly from them.
“Cybersecurity is just one component of cyber resilience, but, unfortunately, many enterprises fail to understand the subtle difference,” said Kumar Avijit, practice director of Information Technology Services at Everest Group. He opined that while most C-suite executives concentrate on preventive controls and response, equal importance needs to be allocated to the recovery, revamp, and reinforcement stages of cyber resilience.
“For any business, having a comprehensive cyber resilience strategy is critical in safeguarding long-term viability and success,” he added.
The “5 Rs of cyber resilience”
Ready – High: C-suite is extensively focusing on pre-emptive measures to secure itself from cyberattacks and are investing in cutting-edge technologies.
Respond – High: There is rapid adoption of extended detection and response (XDR) tools in the market, and service providers too are now focusing on automated incident response to cut down on the standard metric of Mean Time to Resolution (MTTR).
Recover – Medium: There is very little focus on the recovery aspect from the C-suite, underpinned by the challenges of data fragmentation, infected backups, and meeting Recovery Time Objective (RTO) that are visible across the C-suite.
Reinforce – Low: The C-suite is not focused on learning from cyberattacks on peer organisations and building defences accordingly. In most cases, the C-suite lacks a comprehensive vision of security and instead remains reactive.
Revamp – Low: The C-suite is not acting agile enough to focus on the next-generation technology and thinking a step beyond on how to secure itself from the new attack vectors that the new shine tech brings.
Selected highlights
- Projections suggest the cybersecurity services market, currently valued at $US 70-73 billion, will surpass the $100 billion mark in 2025, exhibiting a CAGR of 16-18% between 2021 and 2025.
- Identity and access management (IAM), cloud security, and application security form the largest segments of the cybersecurity market, collectively representing 56% of the overall market.
- Cybersecurity consulting services are experiencing rapid growth, with a current market share of 25%. This is closely followed by design and implementation at 29% and managed security services leading at 46%.
- North America remains the largest market (40%) followed by Europe (33%) and Asia (21%).
- 63% of enterprises have mentioned lack of skills/talent as among their top three biggest challenges when it comes to cybersecurity.