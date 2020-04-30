
  1. The Cybersecurity Paradox. The cybersecurity industry is nothing if not crowded. If you ever attended a security event, like RSA, “crowded” is an understatement, both figuratively and literally. There are hundreds of vendors and many more attendees, all hoping to find that missing piece to their security stack puzzle. Yet more often than not, attendees are likely to leave a conference awash with brochures all promising to deliver very similar, if not the same, benefits.
  2. However, this hyperbole contrasts greatly with the sober reality that increased spending trends have not equated to improved security. Over the past ten years or so, the budget organizations have allocated for cybersecurity strategies has tripled. This increased budget must mean cybersecurity challenges are finally solved. We can all go home now, trusting organizations are now secure. Of course, that is not the case. Recently we partnered with the Ponemon Institute to survey IT and security professionals on their perceptions and impacts of prevention during the cybersecurity lifecycle. With over 600 participants from many different industries providing feedback, we believe the results of the survey to be representative of the security landscape. Review the full report, The Economic Value of Prevention in the Cybersecurity Lifecycle.
  3. Survey respondents have found that delivering a continuous and consistent level of prevention is difficult, with 80% rating prevention as the most difficult to achieve in the cybersecurity lifecycle. So, it is no surprise that almost 80% of budget funds non-prevention priorities (containment, detection, remediation, and recovery). Here is where things get frustrating and confusing. 70% of respondents believe the ability to prevent would strengthen their security posture. When asked how much preventing attacks could drive down costs, respondents estimated savings between $396,675 and $1,366,365 (for ransomware and nation-state attacks respectively). Couple this information with the fact that 40% of the respondents feel their security programs are underfunded, and you find yourself scratching your head. Why are organizations spending their scarce budget in ways that seem contrary to their interests?
  4. You know that if you were able to prevent these security incidents from happening (let’s even be conservative here and say you prevent two of the three incidents, one phishing and one ransomware), you could avoid spending $1.5 million yearly. Your “effective” security budget would keep its value and not drop to $8.5 million, and you could argue your cybersecurity posture has improved by 66% (with two of the three security incidents being non-events). If the definition of insanity is doing the same thing over again and expecting a different result, this current pattern begs critical evaluation. I propose two reasons why the results of this survey indicate a dysfunctional relationship between budget allocation and resulting security posture. For more information about the cybersecurity paradox, click the link or visit the website.

