- According to Aberdeen Strategy & Research, zero trust is among the top five funded security-related initiatives of 73% of organizations.
- The benefits of cybersecurity initiatives are threefold: risk reduction (or cost avoidance), operational efficiency (cost savings), and achievement of strategic business outcomes (business enablement).
- The market intelligence company discovered that endpoint detection and response (EDR) and extended detection and response (XDR) are becoming mainstream due to zero trust thinking.
Risk management is an inherent part of cybersecurity that enables organizations to minimize threats and capital overheads and optimize operations. It entails identifying, assessing, evaluating, and controlling strategic elements concerning cybersecurity.
Changes in tech services and the threat landscape, emerging zero-day vulnerabilities, and evolving geopolitical cyberwarfare continually shift organizations’ risk appetite.
Make no mistake, risk management should not be treated as a compliance effort. Rather, it must be considered an ethical objective embedded across the organizational fabric. As such, cybersecurity risk management ownership and responsibility fall to each functional unit in the organization, regardless of its individual roster.
According to Aberdeen Strategy & Research, organizations want to reduce cybersecurity risk to avoid data breaches (21% of organizations experienced data breaches), unplanned downtime (32% of organizations experienced one or more security-related incidents that resulted in unplanned downtime), and compliance issues (15% of respondents experienced one or more significant compliance issues).
Organizations are thus investing a great deal of resources in cybersecurity — a median of about 22% of their IT operating budgets.
Spending on Cybersecurity Initiatives
Source: Aberdeen Strategy & Research
For instance, zero trust is among the top five funded security-related initiatives of 73% of respondent organizations in Aberdeen’s research. Investments in cybersecurity initiatives such as zero trust are driven by sophisticated cyber threats, compliance requirements, greater cloud permeation and reliance on cloud-based applications and data, remote/hybrid workforce, and risk to valuable/sensitive/regulated data.
However, the benefits of adopting zero trust go beyond its drivers. Through zero trust, organizations not only avoid risk (and thus unnecessary costs) but also save capital through operational efficiencies and enable business.
“Good security first delivers a business outcome and then, and only then, as a result, increases security,” noted J. Wolfgang Goerlich, advisory CISO at Cisco Secure, in conversation with Derek Brink, VP and research fellow, Aberdeen Strategy & Research.
However, since implementing zero trust takes two or more years, Goerlich pointed out that organizations may not necessarily have 100% zero trust. “Today, the strongest predictor of whether or not organizations feel that they are achieving zero trust is whether or not they have automation, orchestration in place,” he said.
Aberdeen found that endpoint detection and response (EDR) and extended detection and response (XDR) are becoming mainstream as a result of zero trust thinking.
Goerlich reiterated this and added that organizations increasingly pair extended detection and response (XDR) with zero trust. “If you have a zero trust project in progress, you are 40% more likely to say, ‘I have an XDR/EDR project,’” Goerlich said. “Because as we harden that layer, criminals are going to move. If you have end-to-end protection, where do they go? They go to the edge.”
According to Aberdeen research, multi-factor authentication (MFA) is now fully mainstream to protect the edge for trusted users. The contributing factors include lower costs to deploy, manage, and support.
Security Deployment Matrix for Trusted Users
Source: Aberdeen Strategy & Research
To better manage risks, Goerlich cited the importance of understanding the type of risk organizations are dealing with and how likely and impactful it can be on their business. “The ability to click in a little bit and be more granular about what that risk scenario is makes those conversations so much easier,” he said.