As 2022 draws to a close, there’s a lot of good news in the cybersecurity world for a change. In a space that’s traditionally been dominated by fear, uncertainty and doubt (FUD), there were promising developments this year associated with how organizations view cybersecurity and prioritize their IT security spending.
In particular, there were three key advancements in 2022:
● For many organizations, cybersecurity spending was finally viewed as an investment rather than as an optional budgetary line item.
● Many CISOs’ roles expanded to encapsulate new responsibilities as Chief Trust Officers.
● Companies came to the realization that “it takes a village” to prevent potential cyberattacks.
All three of these developments are examined in further detail below.
Effective Cybersecurity: More Than a Budgetary Line Item
For years and years, most organizations viewed cybersecurity as a series of one-off projects that represented a drag on organizational resources rather than as a strategic imperative that actually preserved revenue. In 2022, a broad range of companies- across all industry verticals- finally faced the business reality that effective cybersecurity is a sound financial investment and that working with an experienced IT security partner can maximize the impact.
Here are several reasons why:
● Effective cybersecurity reduces company downtime and improves employee productivity. Statista found that the average company downtime after a ransomware attack was 20 days in Q4 2021. For those 20 days -- nearly three weeks’ time -- employee productivity and revenue-generating activities were decimated.
● Cyberattack prevention is less expensive than idly sitting by and waiting for an attack to occur. As highlighted in a recent Memphis Business Journal article, cyberattack prevention is generally less expensive than waiting for an eventual attack. And as noted in my popular ransomware blog, the average ransomware payment soared to $570,000 in 2021. Meanwhile, purchasing a ransomware detection and recovery solution usually represents just a fraction of that cost.
● Cyber insurance premiums are more manageable for companies that prioritize cybersecurity. If you’d like to learn more about the relationship between cyber insurance and positive cybersecurity behavior, listen to my recent webinar with Lynn Ambrose from The Plexus Groupe, “Why Cyber Insurance Premiums Continue to Rise and What to Do About It.”
● Consumers are more confident conducting business with companies that hire cybersecurity professionals in their organizations. Recent ISACA research indicates that IT security certifications effectively increase digital trust and confidence in business interactions with consumers and stakeholders.
● Regulatory compliance is good business. Not only does compliance with regulatory requirements such as HIPAA, PCI-DSS and GDPR improve overall cybersecurity preparedness, but it can also help you to prevent costly fines and business interruption.
CISOs’ Roles Expand to Become Chief Trust Officers
I’ve written previously about the long-awaited convergence between data privacy and cybersecurity. At a November 2022 Forrester Research event, VP and Principal Analyst Jeff Pollard led a session about the burgeoning role of the Chief Trust Officer. This role combines the traditional responsibilities of a Chief Information Security Officer (CISO) and a Chief Privacy Officer, depending on the company’s approach. According to Pollard’s research, companies as diverse as Atlassian, Cisco, DocuSign, Red Canary and Reddit have added the title of Chief Trust Officer to their portfolios or elevated CISOs to that position within their companies.
As the business world transitions into 2023, executive positions like Chief Trust Officer will become even more vital based on the following:
● According to a Forbes Insights report, 46% of organizations suffered reputational damage due to cybersecurity breaches, and 19% suffered reputational damage due to third-party security breaches or IT system failures. With US economic growth expected to slow next year, companies will be ill-positioned to cope with diminished brand reputation.
● In January 2023, the California Consumer Privacy Act (CCPA) will transition to the California Privacy Rights Act (CPRA). Similarly, the Virginia Consumer Data Protection Act (VCDPA) will go into effect.
● In July 2023, the Colorado Privacy Act (CPA) will go into effect, along with the Connecticut Data Privacy Act (CTDPA).
● In December 2023, the Utah Consumer Privacy Act (UCPA) will go into effect.
● Meanwhile, stricter cybersecurity requirements such as the Cybersecurity Maturity Model Certification (CMMC) are anticipated to take effect, meaning that companies will need to focus on improving data privacy and bolstering cybersecurity.
Your customers will require an experienced technology partner to navigate all of these changes.
Realization That 'It Takes a Village' to Prevent Potential Cyberattacks
In a trend that’s accelerated over the past few years, more cybersecurity professionals are joining industry communities and seeking advice and guidance from their peers. At Egnyte, our Get Ready for CMMC Community is one of the fastest-growing cybersecurity groups I’ve ever managed. Similarly, many of our customers have generously shared their cybersecurity preparedness stories, including how the Parkinson’s Foundation made data security a team sport and how Tutor Perini Corporation and ERRG manage their CMMC compliance journeys. Your customers can benefit from these detailed use cases.
With the growing realization that virtually every company could become a cyberattack victim—particularly as a result of ransomware—long gone are the days of relying solely on internal organizational resources. As a result, companies are becoming more open by sharing their experiences with other organizations and seeking significant support from their business partners. For additional cybersecurity trends, please read and share Egnyte's recent "Cybersecurity Trends for Mid-Sized Organizations" study.
Guest blog courtesy of Egnyte. Read more Egnyte guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.
