Istari

Cybersecurity Technology Efficacy

Based on over 100 comprehensive interviews with business and cybersecurity leaders from large enterprises, together with vendors, assessment organizations, government agencies, industry associations and regulators, Debate Security’s research shines a light on why technology vendors are not incentivized to deliver products that are more effective at reducing cyber risk.

The report supports the view that efficacy problems in the cybersecurity market are primarily due to economic issues, not technological ones, and addresses three key themes to ultimately arrive at a consensus for how to approach a new model.

 

Cybersecurity is failing. Spend on cybersecurity is increasing every year (+58% over the past five years) , yet as the WEF has highlighted, business leaders still identify disruption from cyberattack as one of the top 5 growing risks in 2020 (and while the exact numbers are contestable, the direction is clear). A major cause of this failure is that the technology is not as effective as it needs to be, and this is the view shared by 90% of over 100 highly qualified research participants in this study. While there has been a strong focus on improving people and process related issues in recent years, - which are also undoubtedly contributors to cybersecurity failings - technology problems have in some way been accepted as inevitable and the norm.

As one Chief Information Security Officer (CISO) put it, “we buy it, and then we cross our fingers and hope the technology will work”. Trust in cybersecurity technology to deliver on its promise is low. Without improving technology efficacy, cybersecurity will continue to fail. Participants in this research broadly agree that four characteristics are required to comprehensively define cybersecurity technology efficacy. These are the Capability to deliver the security mission (fit-for-purpose), Practicality in operations (fit-for-use), Quality of security build and architecture, and Provenance of the vendor and supply chain.

 

READ THE FULL REPORT
READ THE SUMMARY

Discussion

Based on over 100 comprehensive interviews with business and cybersecurity leaders from large enterprises, together with vendors, assessment organizations, government agencies, industry associations and regulators, Debate Security’s research shines a light on why technology vendors are not incentivized to deliver products that are more effective at reducing cyber risk.

Cyber efficacy debate

Joe Hubback

Joe

Hubback

Academy Global MD, CLIENT DIRECTOR NORTHERN EUROPE

Joe Hubback is the ISTARI Academy Global MD and Client Director for Northern Europe. Joe has a broad background including McKinsey & Company (where he was a partner and co-led the creation of their cybersecurity practice), he is a published independent cybersecurity analyst and has also held corporate leadership roles (as MD for North West Europe in Keller running a full P&L).

He started his career in the industrial sector as an engineer designing and installing electronic control and robotics systems. He is also passionate about entrepreneurship and is a trustee of the Centre for Entrepreneurs charity.

Article Links

Top 5 Benefits of a New Cybersecurity Market Model Navigate Your Digital Risk Landscape Cybersecurity Technology Efficacy