A 2020 forecast from Gartner predicted enterprise spending on information security to grow 2.4% this year to reach $123.8 billion this year , even after numerous economic obstacles presented by the COVID-19 pandemic. Unfortunately, this market growth has led to intense crowding in the cybersecurity market and as a result, we’re experiencing a significant cybersecurity efficacy issue which has contributed to the increasing volume of attacks..
Some technologists and industry leaders have proposed establishing an independent and transparent assessment to address these efficacy issues. Customers often don’t have sufficient insight or access to the information they need to effectively evaluate their technology choices. As a result, enterprises often make poor buying decisions and cybersecurity solutions fail.
By addressing the asymmetry of information between vendors and prospective buyers, enterprises can better identify and implement the most effective solutions for their unique circumstances. Implementing an independent assessment methodology would make vendors more accountable for the competence of their solutions and specifically address key characteristics that define cybersecurity efficacy, such as:
- Capability to deliver the security mission (fit-for-purpose)
- Practicality in operations (fit-for-use)
- Quality of security build and architecture
- Provenance of the vendor and supply chain
In addition to altering the way enterprises purchase technology, a long term effect of migrating to an assessment-based approach may be a change in the way organizations approach their cybersecurity strategies. Increased transparency and access to information could shift the vendor/enterprise paradigm and open the door for a multi-layered cyber strategy made up of targeted solutions working in tandem to establish the most effective security network possible.
Making it Work
This shift in the way enterprises experience and purchase technology would be a massive change for the industry, but there are several hurdles to clear before it could become a reality. All players in the market would need to come to a consensus on critical elements of the new system, from establishing assessment standards to deciding who pays for it all.
We believe a regulated assessment to prove the viability, capability and practicality of our technologies could offer a huge benefit to our customers. However, the regulatory issues and cost-considerations could emerge as prohibitive road blocks.
We’d love to hear your thoughts on this. Would an independent, regulated assessment help in your cybersecurity purchasing decision ? Let us know.