April 9th, 2018 / Posted by
Cybersecurity Market Outlook: 2018 Industry Trends and Insights
As the cybersecurity market landscape evolves rapidly, it is critical that those of us promoting cybersecurity products and services—anyone in marketing, sales, product, and leadership teams—stay on top of the ever-changing challenges and trends. With that in mind, we’ve summarized a few industry insights and trends to highlight some areas of particular importance in today’s environment.
- Cybersecurity, by definition will never be ‘resolved’.The adversaries are always changing and evolving—and will find a way to undo whatever security measures are put in place. While there are many conversations surrounding the need for enterprises to adopt a post-breach mindset, we’ve also seen the importance (within our client base and elsewhere) of exploring and investing in emerging technologies that prevent breaches and attacks at the outset. More than a few of our clients are tackling security issues from both sides – taking a preventative view with security front and center in product and software development and proactively isolating issues that are already in the market – so prior or hidden vulnerabilities can be quickly addressed.
- Attackers only have to win once, and many security attacks don’t even require technical acumen. Security training should be about more than just compliance, and tools should be designed to support people processes within an organization, not just the technology. In fact, a recent report cited 58% of threats originated from ‘accidental’ insider threats—and this can happen at any level within an organization. Given the use of mobile, this is particularly tough. One of our clients, Data Theorem, tracks mobile app security and has found vulnerabilities in many of the apps we all use every day. The question remains – how deep does security control need to go to make enterprises safer?
- IoT growth will continue to compound as a security issue. IoT – especially in mainstream applications – weren’t necessarily built with a security mindset. This is a topic that is quickly trickling into a range of security discussions, including at Boston’s recent SecureWorld conference, where we learned from Poneman Institute that 94% of security leaders surveyed believe that IoT presented security concerns that could result in a catastrophic incident.
Devices aren’t getting the patches and updates they need to close vulnerabilities, and this will only compound as more connected devices enter the landscape. Some leading companies are taking this into account early on—such as constructing smart buildings with security in mind from the ground up (an interesting project one of our network security clients, Bradford Networks is supporting). Additionally, companies manufacturing connected products need to understand potential vulnerabilities in the firmware code itself and act accordingly.
- Midmarket is experiencing some of the greatest cybersecurity challenges and threats. Because most of these firms have few (or no) dedicated cybersecurity staff, they are most vulnerable—and most of these firms have valuable IP, PII, and known weaknesses. Security solution providers shouldn’t ignore smaller enterprises – though they should understand they may need to package and position solutions differently—especially if non-security audiences are tasked with the responsibility. One way our clients (and many others) are helping to combat this issue is via automation, since enterprises are also often short-staffed for security expertise.
- Talent shortage remains a huge issue. As you likely know, there is a large shortage of cybersecurity talent globally. At Xconomy’s Cybersecurity conference a couple months back, Vijay Basani of Cygilant estimated it at 1M roles worldwide and 350K in the US, and this is only expected to compound as there isn’t a large enough influx of new talent. While security automation and orchestration holds much promise to offset the needs, it still has a long way to go before the majority of organizations can reap its full benefit. Firms need to get creative in how they find and develop talent. When recruiting, consider prioritizing the caliber of cybersecurity expertise over industry vertical expertise.
- Discussions around risk and risk transfer are (finally) reaching boardrooms. The discussion is no longer about whether security should be an area of focus, but it is being treated like any other strategic business decision, as it should. Cost implications can go far beyond regulation and compliance issues (since HIPAA regulations now extend to suppliers and business partners and GDPR deadlines are looming). For many organizations, it threatens their very existence, damaging brands (think Uber), resulting in PR nightmares and decreased revenues due to lost customers. In our work with clients, we’ve focused on up-leveling the messaging to ensure that the solution is communicated effectively to business and executive audiences, not just technical users of a solution.
As the cybersecurity industry is constantly in flux, changing and evolving by the minute, it is imperative to stay informed and evolve along with it. This is where a marketing partner with cybersecurity expertise can prove invaluable. To learn more about how to best position and market your firm with the help of a marketing agency, download our eBook, “Step-by-Step Guide to Finding the Right Cybersecurity Marketing Partner” or learn more about our cybersecurity marketing capabilities.
Also, we’ll be attending the RSA Conference in San Francisco the week of April 16th. Please feel free to reach out if you’ll be there and would like to meet up.