As the economics of cybersecurity continue to evolve, the number of organizations that can effectively manage cybersecurity on their own will continue to decrease.
A survey of 1,917 IT security practitioners conducted by Ponemon Institute finds only 43 percent claimed their ability to mitigate risks, vulnerabilities, and attacks across the enterprise as very or highly effective.
Top issues that prevent organizations from being effective include inconsistent policies (42 percent). It also includes lack of inventory of third-party access to data (38 percent), insufficient personnel (28 percent), and lack of budget (28 percent).
The survey makes it clear that many cybersecurity professionals already recognize their ability to successfully maintain cybersecurity on their own is limited. Achieving that goal is only going to become more challenging as attacks continue to increase in volume and sophistication. A total of 62 percent report that cyberattacks are becoming more sophisticated. More than half (55 percent) also note attacks are becoming more severe in terms of an increase in the time it takes to investigate and attempt to mitigate the damage inflicted. More than half (53 percent) say cyberattacks are becoming more targeted.
Transforming cybersecurity economics
The report also finds organizations are spending an average of $5.4 million to respond to compromises. Another $2.36 million attributed to disruption of operations caused by breaches that cybersecurity teams were unable to prevent. A majority (57 percent) of respondents reported their organizations suffered one or more cyberattacks in the past 12 months. Nearly half (48 percent) reporting their organization suffered a data breach in the past 12 months. They lost on average, 340,267 individual records.
Given those costs, there’s little doubt the economics of cybersecurity are fundamentally broken. Organizations have increased cybersecurity spending over the years. Few of them can say with any certainty that they are more secure as a result. Artificial intelligence (AI) will undoubtedly help reduce the cost of cybersecurity. Only a small number of cybersecurity teams are going to be able to collect enough telemetry data to take advantage of it. Instead, they will need to rely more than ever on providers of cybersecurity platforms, and their partners, that have the financial resources required to collect all the data required to train AI models to identify cybersecurity threats continuously.
Opportunities and challenges for MSPs
The fundamental economics of cybersecurity is changing, and Managed service providers (MSPs) should benefit from that shift. That is assuming they can gain access to an AI platform that enables them to reduce their total cost of delivering cybersecurity services at scale. The challenge, as always, will be finding ways to deliver those services profitably in the face of stiff competition.
Regardless of how cybersecurity evolves, MSPs will be more relevant than ever. More organizations realize how much the odds are stacked against them. Cybercriminals have access to virtually unlimited resources and are simply better organized. Attempting to win this war without any external help is all but impossible. The issue now is helping as many organizations as possible to come to that realization before a catastrophic event inevitably occurs.
Photo: sasirin pamai / Shutterstock
