Everest Group Research: C-Suite Must Recognize Critical Difference Between Cybersecurity and Cyber Resilience
According to Everest Group, an enterprise shift from mere awareness of cyber threats to actively working toward resilience has the potential to redefine the future of cybersecurity services.
DALLAS, August 29, 2023 — Everest Group is calling on enterprises to make the critical shift in focus from cybersecurity to cyber resilience. While cybersecurity focuses on safeguarding against threats, cyber resilience emphasizes the ability to withstand, respond and recover quickly from them.
Everest Group issues this call to action in its recently published “State of the Market Report” on cybersecurity services. The report focuses on differentiating cybersecurity from cyber resilience, emphasizing that these two concepts are often mistakenly considered synonymous in the business world.
“Cybersecurity is just one component of cyber resilience, but, unfortunately, many enterprises fail to understand the subtle difference,” said Kumar Avijit, practice director of Information Technology Services at Everest Group. “While a majority of C-suite executives concentrate on preventive controls and response, equal importance needs to be allocated to the recovery, revamp, and reinforcement stages of cyber resilience. For any business, having a comprehensive cyber resilience strategy is critical in safeguarding long-term viability and success.”
Everest Group rates current C-suite focus on the “5 Rs of cyber resilience” as follows:
- Ready – High: C-suite is extensively focusing on pre-emptive measures to secure themselves from cyberattacks and are investing in cutting-edge technologies.
- Respond – High: There is rapid adoption of extended detection and response (XDR) tools in the market, and service providers too are now focusing on automated incident response to cut down on the standard metric of Mean Time to Resolution (MTTR).
- Recover – Medium: There is very little focus on the recovery aspect from the C-suite, underpinned by the challenges of data fragmentation, infected backups, and meeting Recovery Time Objective (RTO) that are visible across the C-suite.
- Reinforce – Low: C-suite is not focused on learning from cyberattacks on peer organizations and building defenses accordingly. In most case, the C-suite lacks a comprehensive vision of security and instead remains reactive.
- Revamp – Low: C-suite is not acting agile enough to focus on the next-generation technology and thinking a step beyond on how to secure itself from the new attack vectors that the new shine tech brings.
These findings and more are detailed in Everest Group’s recently published report, “Cybersecurity Services State of the Market Report 2023: Cyber Secure to Cyber Resilient.” ***Download a complimentary abstract here. ***
The report provides an in-depth analysis of the global cybersecurity market, with special sections on North America and Europe. In addition, the report introduces a unique and easily understandable framework to assist enterprises, particularly the C-suite, in swiftly incorporating cyber resilience into their operations. Additionally, the report explores the implications for providers in key areas such as solutions, services, partnerships, talent, and engagement models, illustrating how they can enable enterprises to adopt cyber resilience.
- Projections suggest the cybersecurity services market, currently valued at $US 70-73 billion, will surpass the $100 billion mark in 2025, exhibiting a CAGR of 16-18% between 2021 and 2025.
- Identity and access management (IAM), cloud security, and application security form the largest segments of the cybersecurity market, collectively representing 56% of the overall market.
- Cybersecurity consulting services are experiencing rapid growth, with a current market share of 25%. This is closely followed by design and implementation at 29% and managed security services leading at 46%.
- North America remains the largest market (40%) followed by Europe (33%) and Asia (21%).
- 63% of enterprise have mentioned lack of skills/talent as among their top three biggest challenges when it comes to cybersecurity.
About Everest Group
Everest Group is a leading research firm helping business leaders make confident decisions. We guide clients through today’s market challenges and strengthen their strategies by applying contextualized problem-solving to their unique situations. This drives maximized operational and financial performance and transformative experiences. Our deep expertise and tenacious research focused on technology, business processes, and engineering through the lenses of talent, sustainability, and sourcing delivers precise and action-oriented guidance. Find further details and in-depth content at www.everestgrp.com.