Alliance News:

As of May 27^th, 2022, NEW Digital Alliance is under the direction of new leadership with the resignation of Director, Kim Iversen. Iversen would like to thank you for your trust, patronage, and support in the NEW Digital Alliance’s efforts to solve the digital and IT talent gap in Northeast Wisconsin over the last five years. Her position as Director has not yet been filled. If you have comments or questions, please email NEW Digital Alliance at info@newdigitalalliance.org. Thank you!

2022 State of Cybersecurity:

Over the past year, the business world has been adjusting to lessons learned from the COVID pandemic. On a workforce level, companies are struggling to decide the best ways to balance employee flexibility and corporate culture. On a technical level, the many benefits of a cloud-first architecture are being weighed against the challenges of managing complexity and cost in a multi-cloud environment. It will still be years before we understand what equilibrium looks like in the post-pandemic environment, but the early changes point to a significant restructuring.

Another prominent takeaway from the pandemic is that symptoms are often easier to diagnose and treat than root causes. This obviously has implications beyond corporate strategies, but a prime example of this concept in the business world is the field of cybersecurity. Companies are made all too aware of poor cybersecurity when they are breached, and a postmortem can identify processes or tools that would have prevented or mitigated the attack. But that may not address underlying problems that can lead to a different cyber incident down the road.

CompTIA’s 2022 State of Cybersecurity report examines the disconnect between root cause and symptoms. Digital transformation driven by cloud and mobile adoption is forcing a new strategic approach to cybersecurity, but fully adopting this new approach poses significant challenges, both tactically and financially. Although cybersecurity remains one of the most pressing issues for modern business, the hurdles that come from legacy views of IT and low understanding of the threat landscape make it difficult to follow the prescribed treatment.

Sentiments around cybersecurity are a good indicator of how difficult it is to make progress. Seven different geographic regions participated in CompTIA’s 2022 State of Cybersecurity study, representing a range of economic and technical maturity. Across all seven regions, there is a clear belief that cybersecurity remains a problematic area, as both a general concern and a company-specific dilemma.

For starters, the general state of cybersecurity – which may include the organization of cybercriminals, governmental responses or the capabilities of available cyberdefense mechanisms – is making relatively slow progress. Especially in more developed regions, few individuals believe that there is dramatic improvement being made. In most cases, nearly the same percentage of people believe that the situation is getting worse. While year-over-year data is not available outside the United States, the trend does not appear to be positive; the overall percentage of U.S. respondents who saw improvement in the cybersecurity landscape dropped slightly from 69% to 68%.

Bringing things closer to home, the view is not much better at the individual company level. While a majority of respondents in every region felt that their company’s cybersecurity was satisfactory, a much smaller number ranked the situation as completely satisfactory. Nearly everyone feels that there is room for improvement, with some cases more dire than others. Here, the year-over-year trend shows some mixed signals. In the United States, net satisfaction rose (from 70% to 75%), but the rating of complete satisfaction dropped (from 29% to 24%). For the remainder of this report, the focus is on U.S. data. Separate research briefs highlight data points from international regions.

Throughout the pandemic, organizations accelerated the pace of technical adoption as they adjusted to historic disruption. This opened the doors for increased flexibility and long-term efficiencies. At the same time, that acceleration forced many companies into a space where traditional cybersecurity mindsets and tool kits were inadequate. Rather than addressing isolated concerns around specific activities, businesses have to adopt a new paradigm that informs cybersecurity decisions across the full range of operations.

To dive further into Policy, Process, People, and Product, read CompTIA’s full article HERE!

Market Overview

In many ways, the field of cybersecurity is a reaction to the ways that enterprise IT evolves. After all, the need for cybersecurity only comes after technology has been implemented. This dynamic has intensified in recent years, as businesses aggressively pursue technology with the tendency to treat cybersecurity as a secondary consideration.

To the extent that the shape of cybersecurity follows the shape of IT, the defining characteristic of modern cybersecurity is complexity. Just as IT operations and strategy have grown more complex with the introduction of cloud and mobile systems, the management of cybersecurity has developed many facets as companies deal with the expansion of the threat landscape. According to CompTIA’s survey, two of the top three issues driving cybersecurity are the growing volume of cybercriminals and the growing variety of cyberattacks.

Complexity demands clarity. With multiple factors impacting cybersecurity efforts – such as digital transformation, government regulation or customer perception – it is no longer sufficient to view cybersecurity as merely a protective coating. Organizations must carefully consider the objectives driving their cybersecurity strategy, which leads to probing questions. How does cybersecurity advance the interests of a business? How is cybersecurity success being measured? How are the proper investments being determined?

Answering these questions, especially the last one, is leading to an ever-increasing focus on cybersecurity as a standalone discipline. If cybercrime is growing dramatically as a financial and operational liability, dedicated focus is the prescription for avoiding serious consequences.

Three data points describe the explosive nature of the cybersecurity landscape. First, Cybersecurity Ventures reports that the global financial damages from cybercrime totaled $6.1 trillion in 2021. This number is expected to grow 15% year-over-year, reaching $10.5 trillion by 2025. The costs of cybersecurity incidents go beyond the recovery of stolen data or the payments made due to ransomware attacks. Reputational damage can have large ripple effects, such as lost business from customers leaving or time spent negotiating new contracts if partners and suppliers lost faith.

To avoid becoming a cyber-related headline, businesses are increasing their cybersecurity budgets. Gartner projects that global cybersecurity spending will increase from $150 billion in 2021 to $172.5 billion in 2022, eventually growing to $267.3 billion in 2026. Much of this growth will be driven by spending on cloud security, as organizations continue migrating toward a cloud-first architectural approach. Secure identities will also be a major talking point, especially as companies consider blockchain-enabled identity solutions or identity-related implications for metaverse applications.

Finally, there is critical demand around cybersecurity skills. CyberSeek, a joint project between CompTIA, labor analysis firm Lightcast, and the National Initiative for Cybersecurity Education (NICE), shows that there are over 714,500 job postings in the United States requesting cybersecurity-related skills. Many of these openings are for dedicated cybersecurity positions such as cybersecurity analysts or penetration testers. CompTIA’s State of the Tech Workforce report shows that demand in those areas will remain strong, with 4% growth expected in 2022 and growth that’s expected to be 253% above the national rate over the next 10 years. According to Lightcast, the overall U.S. labor market is expected to grow 1% in 2022 and 7.8% over the next 10 years.

The scale and scope of the cybersecurity problem is immense, and no organization is immune to a disruptive attack. From government agencies guarding critical infrastructure to sole proprietorships protecting customer data, every institution in the digital era has to give cybersecurity its full attention. Past practices may be holding many companies back, but there are more resources than ever to help establish policies, build processes, train people and implement products in order to create the strongest possible cybersecurity posture.

To dive further into Policy, Process, People, and Product, read CompTIA’s full article HERE!

Methodology

This quantitative study consisted of an online survey fielded to business and IT professionals involved in cybersecurity during Q3 2022. A total of 500 professionals based in the United States participated in the survey, yielding an overall margin of sampling error at 95% confidence of +/- 4.5 percentage points. For international regions (ANZ, ASEAN, Benelux, Canada, Germany and UK), a total of 125 professionals in each region participated in the survey, yielding an overall margin of sampling error at 95% confidence of +/- 8.9%. Sampling error is larger for subgroups of the data.

As with any survey, sampling error is only one source of possible error. While non-sampling error cannot be accurately calculated, precautionary steps were taken in all phases of the survey design, collection and processing of the data to minimize its influence.

CompTIA is responsible for all content and analysis. Any questions regarding the study should be directed to CompTIA Research and Market Intelligence staff at research@comptia.org.

CompTIA is a member of the market research industry’s Insights Association and adheres to its internationally respected Code of Standards and Ethics.