• Security heads continue to be challenged in implementing effective cybersecurity strategies and continue to want positive and measurable business outcomes with their cybersecurity investments.
• To stay relevant and drive growth, providers will have to reposition sales and marketing efforts in front of customers, emphasizing value-based selling addressing business challenges.
The Challenged Chief Information Security Officer (CISO), and Vendors Riding on the Current Cybersecurity Growth Wave
It is clear that cybersecurity is high on the agenda for businesses of all sizes ranging from small-to-medium enterprises to multinational corporates and government establishments. In recent years, the public has seen exponential growth in cyberattacks across a range of verticals covering finance, government, and utilities to name a few. On the one hand, this has resulted in healthy revenue growth in the cybersecurity segment, with stock valuations and revenues on the rise alongside advances in technology.
However, vendor success brings its own dilemma in cybersecurity: chief information officers (CIOs) continue to proactively prepare their businesses for the modern era by embracing technology and digitalization, transforming the way their organizations rework their business models and create new services in innovative ways. As a result, CISOs continue to be challenged in implementing effective cybersecurity strategies that address wider risks within the business.
Current Vendor Focus
Trends in enterprise cyber threats will continue to drive enterprises and cybersecurity providers over the next two years to implement what GlobalData defines as “pervasive security”: secure access everywhere with greater trust, covering applications and cloud-to-legacy environments, down to the user device, whatever and wherever that might be. From a technology perspective, 2022/2023 will continue to bring new product announcements (i.e., solutions that enable enterprises to move up the value chain in monitoring the security posture across the enterprise) as well as M&A activity. Increased data breaches will also continue to challenge enterprises in both B2B and B2C settings and accelerate the implementation of compliance and privacy frameworks that have started becoming mandatory through government legislation like the EU’s General Data Protection Regulation (GDPR).
Considerations for Success for Both Vendors and CISOs
From a supplier perspective, there are a number of strategic options for vendors to consider to realign their efforts in the future. These entail better alignment of portfolio and, more importantly, of sales and marketing efforts to desired enterprise business outcomes. It also means creating zero trust across the enterprise (improving overall trust) and having a greater role, directly and indirectly, at the client executive/board level. Larger providers with strong professional service capabilities will also need to provide thought leadership relative to cybersecurity around operational enablement (e.g., defined technology roadmaps with simplification and consolidation with justified ROIs, as well as resource transition and centralization). However, one key prerequisite for vendors as they move forward in 2022 and beyond is better alignment of their value proposition with addressing and reducing future enterprise risk, some of which will not be directly linked to current security frameworks like the one set by the National Institute of Standards and Technology (NIST).
From a CISO perspective, as enterprise digital transformation accelerates in parallel to cyber threats, the practicality of decisions around cybersecurity and networks will be challenging for enterprises in the next two years. In particular, there will be greater involvement of the enterprise senior executive team (including the board) in relation to security and how security measures translate to positive business outcomes, positive revenue, and an overall limit on enterprise risks. Therefore, CISO strategies should be built on the foundations of business benefits gained and risk reduction. Lastly, there will need to be greater focus on centralizing teams with security and on highlighting to vendors the need for simplification, unification, and standardization when it comes to cybersecurity and solving ‘real-life’ practical technological issues, not just within the enterprise but across the supply chain and regional offices.