It seems like the cybersecurity industry gets more complex every day as it continues to evolve in the 21st century. New vendors of digital security solutions come on board daily and new categories emerge to solve basic cybersecurity needs. Chief Information Security Officers (CISOs) operate in a professional vacuum in which “adapting to rapid changes” takes on a new and much more elaborate meaning.
Visionary CISOs have to be ready to address threats to technology that negatively impact their company’s bottom line.
The cybersecurity paradigm of 2022 looks much different than it did just three years ago before a worldwide pandemic put conducting digital business mostly on hold. As we burst out of the stagnant business climate caused by COVID-19, CISOs are back to juggling several responsibilities at once, while properly managing their time and company budgets. As we move past the halfway point of 2022, what should be your company’s most important cybersecurity issues for the remainder of the year and beyond into 2023?
To get the answer to the question, Forgepoint Capital interviewed more than 100 CISOs from large companies that represent the software, healthcare, financial services, and professional services industries. Large employers of between one and 10,000 full-time equivalent (FTE) employees and very large employers of more than 10,000 employees have made cybersecurity protocols the most important business priority.
One of the largest differences in priorities between the two segments concerns cloud migration. Employers with more than 10,000 FTE employees invest more time and financial resources into developing cloud-based solutions to technology threats.
Focus on ROI
Regardless of organizational size, CISOs have made generating a high rate of return on cybersecurity investments an important priority. For example, many healthcare CISOs focus on the financial risks posed by software supply chain disruptions caused by the global supply chain crisis. Healthcare industry CISOs are also focused on the risk posed by third-party vendors, such as the security developed for selling technology-driven medical devices.
Most CISOs from all industries except professional services have made digital transformation the most important priority when it concerns achieving optimal ROI.
Achieving a Balance Between New and Traditional Cyber Security Controls
A vast majority of the CISOs polled in the 2022 survey responded that they plan to concentrate on combining new and traditional methods of cyber security controls. The historically significant methods of cyber security controls involve a focus on protecting data, endpoints, networks, and identities. The new control methods CISOs have targeted in 2022 include intelligence and the response to security breaches. CISOs also have adapted to the rapid changes in the cybersecurity industry by developing new security access controls such as application programming interfaces (APIs).
More than 40 percent of the respondents said areas such as data and identity remain important priorities throughout all industries, with purchasing cyber insurance an emerging priority that addresses inevitable malware and ransomware attacks. With cyberattacks reaching a record level in 2021, purchasing cyber insurance represents an effective way to achieve a balance between new and old cybersecurity controls.
The Rising Role of the NIST
Drawing on the standards issued by the National Institute of Standards and Technology (NIST), the CISOs who responded to the forward-looking 2022 survey named data detection, protection, and identification as the three most popular functions for generating stronger cybersecurity initiatives. Many survey respondents mentioned the lack of new products that are available to address the three cybersecurity functions. CISOs are increasingly turning to in-house IT professionals to take more control over detecting, protecting, and identifying highly sensitive company data.
Investing More Money
More than 75 percent of the CISOs that responded to the 2022 priorities survey emphasized the importance of investing more money into cybersecurity programs. Coming out of the economic doldrums caused by the pandemic has created a volatile business environment in which cybersecurity protections can be exploited by savvy hackers. With most CISOs investing more money in department budgets, the goal is to attain much more flexible solutions to address new and emerging cybersecurity threats.
The key is to invest money wisely, as opposed to reacting in a manner that throws money at solutions that have no chance of working in the era of the “new normal.”
The Bottom Line: Follow-Up Cybersecurity Initiatives
Many of the CISOs from across all industries that responded to the 2022 cybersecurity priorities survey emphasized the importance of monitoring the performance of new cybersecurity initiatives. The same respondents also mentioned the importance of fine-tuning older cybersecurity initiatives to adapt to the rapid changes regarding IT protocols.
As a CISO or a manager in charge of a cybersecurity initiative, you should create a circular business model that starts with implementation and returns to the implementation stage with the results of monitoring the success of your cybersecurity program.