Gartner has highlighted the cybersecurity issues that businesses face in the transition to becoming digital, predicting that by 2020, 60 per cent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.Gartner notes that “a lack of directly owned infrastructure and services outside of IT’s control will need to be addressed by cybersecurity”.
“Cybersecurity is a critical part of digital business with its broader external ecosystem and new challenges in an open digital world,” Paul Proctor, Gartner vice president and distinguished analyst, commented.
“Organisations will learn to live with acceptable levels of digital risk as business units innovate to discover what security they need and what they can afford. Digital ethics, analytics and a people-centric focus will be as important as technical controls.”
Gartner points to five key areas of focus:
– Leadership and governance – decision making, prioritisation, budget allocation, measurement, reporting, transparency and accountability are key attributes of a successful program balancing the need to protect with the need to run a business.
– The evolving threat environment – IT risk and security leaders must move from trying to prevent every threat, acknowledging that perfect protection is not achievable. Gartner has predicted that 60 per cent of enterprise information security budgets will be allocated for rapid detection and response approaches by 2020, up from less than 30 per cent in 2016.
– Cybersecurity at the speed of digital business – traditional security approaches designed for maximum control will no longer work in the new era of digital innovation, and IT risk and information security leaders must assess and transform their programs, becoming digital business enablers rather than obstacles to innovation.
– Cybersecurity at the new edge – by 2018, 25 per cent of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls, with organisations needing to address cybersecurity and risks in technologies and assets they no longer own or control.
– People and process: cultural change – it is critical to address behaviour change and engagement, from employees to customers, with cybersecurity accommodating and addressing the needs of people through process and cultural change.