Everest Group, a prominent research firm, has called on enterprises to shift their focus from cybersecurity to cyber resilience. In their recently published “State of the Market Report” on cybersecurity services, Everest Group emphasizes the crucial distinction between cybersecurity and cyber resilience, highlighting that the two concepts are often erroneously considered synonymous in the business world.
Kumar Avijit, the practice director of Information Technology Services at Everest Group, explains that while cybersecurity is just one component of cyber resilience, many enterprises fail to understand this subtle difference. Avijit stresses the importance of allocating equal importance to the recovery, revamp, and reinforcement stages of cyber resilience, in addition to preventive controls and response. He asserts that having a comprehensive cyber resilience strategy is critical for businesses to safeguard their long-term viability and success.
To assess the current focus of C-suite executives on cyber resilience, Everest Group rates their attention on the “5 Rs” as follows:
1. Ready – The C-suite is extensively concentrating on pre-emptive measures to secure themselves from cyberattacks and investing in cutting-edge technologies.
2. Respond – There is a rapid adoption of extended detection and response (XDR) tools in the market, and service providers are increasingly focusing on automated incident response to reduce the Mean Time to Resolution (MTTR).
3. Recover – The recovery aspect receives relatively little attention from the C-suite, partly due to challenges such as data fragmentation, infected backups, and meeting Recovery Time Objectives (RTO).
4. Reinforce – The C-suite does not prioritize learning from cyberattacks on peer organizations and building defenses accordingly. In most cases, they lack a comprehensive vision of security and remain reactive.
5. Revamp – The C-suite is not agile enough to focus on next-generation technology and fails to anticipate and secure against new attack vectors that emerge with technological advancements.
These findings are detailed in Everest Group’s report, “Cybersecurity Services State of the Market Report 2023: Cyber Secure to Cyber Resilient.” The report provides a comprehensive analysis of the global cybersecurity market, with specific sections dedicated to North America and Europe. It introduces a unique framework to assist enterprises, especially the C-suite, in seamlessly incorporating cyber resilience into their operations. Additionally, the report explores the implications for providers in various key areas, including solutions, services, partnerships, talent, and engagement models, illustrating how they can enable enterprises to adopt cyber resilience.
The report also highlights several key projections and insights, including:
– The cybersecurity services market, currently valued at $70-73 billion, is projected to exceed $100 billion by 2025, exhibiting a compound annual growth rate (CAGR) of 16-18% between 2021 and 2025.
– Identity and access management (IAM), cloud security, and application security are the largest segments of the cybersecurity market, collectively representing 56% of the overall market.
– Cybersecurity consulting services are experiencing rapid growth, with a current market share of 25%. Design and implementation follow closely at 29%, while managed security services lead at 46%.
– North America remains the largest cybersecurity market, accounting for 40% of the market share, followed by Europe at 33%, and Asia at 21%.
– A significant challenge for enterprises is the lack of skills and talent in cybersecurity, with 63% of businesses citing it as one of their top three concerns.
Everest Group is known for providing precise and action-oriented guidance to help business leaders overcome market challenges and strengthen their strategies. By combining deep expertise and thorough research, the firm offers contextualized problem-solving in areas such as technology, business processes, and engineering, considering talent, sustainability, and sourcing aspects. More information and in-depth content can be found on Everest Group’s website.
In conclusion, Everest Group’s call to shift from cybersecurity to cyber resilience emphasizes the importance of not only safeguarding against threats but also being able to withstand, respond, and recover quickly from them. With the cybersecurity landscape constantly evolving, businesses must prioritize the holistic approach of cyber resilience to ensure their long-term viability and success.