Supply Value’s IT Trends Survey 2024: Trend 3 – Cyber and Data Security

Cybersecurity aims to keep computer systems, networks, and digital infrastructures sustainably available by protecting them from threats and attacks, such as unauthorized access and ransomware. It encompasses everything from antivirus software on individual workstations to real-time threat detection systems on an organization’s overall digital infrastructure. Data security, on the other hand, focuses on protecting data to prevent unauthorized access, modification, or destruction. Techniques such as encryption, access management, and backups are used. Cyber and data security are closely linked to ensure the confidentiality, integrity, and availability of sensitive information and (business-critical) applications.

Downside

Protecting sensitive information is increasingly crucial in a digital and interconnected world. Security risks are the flip side of a digitized society, where the security of digital processes is essential. The National Coordinator for Counterterrorism and Security (NCTV) notes in the Cybersecurity Assessment Netherlands 2023 that the digital threat remains undiminished but is constantly changing.

Hybrid working is changing the threat landscape, providing more opportunities to exploit small human behaviors.

The Russian war on Ukraine is reviving hacktivism, with organizations worldwide becoming targets using increasingly sophisticated methods and means. This elevates the risk of ransomware and DDoS attacks, while operational technology (OT) remains a vulnerable building block. With the earlier mentioned digitalization, OT is now vital for controlling, monitoring, and managing physical processes. Organizations, with robust cyber and data security, enhance their control over digital risks that can lead to image and financial damage through ransom claims, stalled processes, and negative publicity.

Changing Threat Landscape

Cyber and data security also play an important role for respondents in the IT Trends Survey 2024. Fifty-four percent of respondents are very familiar with the subject of cyber and data security or consider themselves experts. The high priority of IT trends like AI and cloud also underscores the importance of cyber and data security. Just as AI helps organizations optimize operational processes, it also aids cybercriminals in making their methods and tools more sophisticated, such as mimicking a CEO’s voice or video. Meanwhile, hybrid working, with the help of cloud technology, is altering the threat landscape, providing more opportunities to exploit small human behaviors.

Nevertheless, for respondents, cyber and data security seem to be decreasing in prioritization compared to other trends. While in 2022, over 46 percent of respondents identified the trend as the most important, now ‘only’ 10 percent of respondents select cyber and data security as the most important trend for the upcoming year.

Breakdown

“Important reasons for an organization to focus on cyber and data security vary but are primarily shaped by the need to prevent data breaches and security incidents. Respondents often cite digitalization as a crucial factor, exposing organizations to increased risks, while business continuity becomes increasingly dependent on digital processes.”

On the wave of digitalization, numerous opportunities and risks are approaching organizations.

The applications respondents mention for working on cyber and data security can be divided into technology, organization, and people. Applications include cloud security to control data protection even in the cloud. Certification and security operations centers are also mentioned as applications to establish cyber and data security, involving tools like SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), and SOAR (Security Orchestration, Automation, and Response). On the people side, protection against phishing is mentioned as a relevant application, where the security awareness trend also plays a significant role.

Remains Topical

Cyber and data security remain as topical as ever, according to both respondents’ answers and news reports of incidents. Without adequate cyber and data security, organizations and societies are increasingly at risk of reputational and financial damage. This is reflected in a large proportion of respondents considering themselves at least reasonably familiar with the topic. Simultaneously, it is noticeable that the priority for cyber and data security among respondents is decreasing compared to other trends. This may be due to budget constraints, for example, but it is a risky approach due to the constant change in cyber threats.

On the wave of digitalization, various opportunities and risks are approaching organizations, which can lead to disrupted business processes, image damage, or even social disruption. At the same time, the IT Trends Survey 2024 shows that the priority for cyber and data security is decreasing, which appears to be a contradictory development. It is even more crucial to be aware that without appropriate cyber and data security, it becomes significantly more challenging to make and maintain other prioritized IT trends, such as AI, successful.

Organizational Risk Profile

As cyber and data security can be applied with small measures to costly programs, it is generally wise to first map the organization’s risk profile. Be aware of the organization’s most significant risks and prioritize measures aimed at those risks. This approach creates the most value, sometimes even with relatively little effort, such as introducing two-factor authentication for core applications. When doing so, consider not only the risks for today’s organization but also the relevant IT developments and the digital risks they will entail in the coming year.

Also, with the changing prioritization among respondents, it is essential that organizations continue to invest in cybersecurity measures, staff training, and develop a proactive approach to protect systems and data.

Source: Sander Hulsman for Computable.nl