MIAMI - Cybersecurity is becoming a “check box” industry where organizations are looking to make sure they have the list of components covered -- endpoints, email, identity, cloud networking, training, incident response plans, tabletop exercises and compliance for cyber insurance.
“Attend the cybersecurity keynotes. Congratulations. Check!” said Matthew Ball, a chief analyst at Canalys, during the opening session at the market analyst organization’s North America Forum this week.
“Cybersecurity is becoming boring,” said Ball. But being boring is not a bad thing. Being boring means as an industry we are closer to cybersecurity maturity.
Ball provided an update on the state of cybersecurity in the channel for 2024 and offered his insights on where the industry is going in 2025.
First, Ball said North American cybersecurity spending on technology and services will hit $131 billion in 2024, up 12% from last year. Canalys is forecasting the market to grow to $173 billion by 2027, a compound annual growth rate (CAGR) of 10%.
While reported breaches surged 52% so far in 2024, it wasn’t just cyber threats that challenged service providers and other partners this year. In addition, there were infrastructure failures, misconfigurations, integration issues, poor updates and patches, and human error. These caused many of the most disruptive IT outages this year, Ball noted.
Major outages included the big one – CrowdStrike – plus additional outages by Microsoft Azure (twice), AT&T, Cloudflare (twice), Salesforce, Atlassian, Google Cloud, and Oracle OCI.
The combination of our over-dependence on technology and our lack of backup plans left many organizations stuck this year. The industry needs to address the other major causes of outages going forward, he said.
“Until we fix the underlying problems, we’ll struggle to build resilience against risks,” Ball said.
How to Be More Boring
Reaching a high level of cybersecurity by checking more boxes will make us more boring, Ball said. One of the ways to help the industry get there is by offering virtual CISO (vCISO) advisory services.
“It’s not new, but only 2% of all cybersecurity partners offer vCISO services today,” Ball said. However, vCISO services are now a great opportunity for partners to offer in support of organizations that don’t have their own CISOs, he added.
At least 10% of partners will leverage vCISO services over the next three years to drive upsell and capture more of the cybersecurity market, according to Ball.
The Cybersecurity Platform Dilemma: Cost vs. Resilience
“Customers want to consolidate, simplify and reduce the cost of their cybersecurity with platforms, but they don’t want to reduce their resilience by being too dependent” on two few vendors, Ball said. “Economics will win. So expect more consolidation of platforms.”
Customers will be looking for an assessment of risks, costs and the value of their cybersecurity investments in relation to those.
“Until IT leaders can articulate the outcome of their spending in a language that’s understood by their management, projects will not be signed off.”
Ball said that vendors are part of the problem, given the outages we experienced this year. Vendors need to step up and demonstrate that their software works in customer environments. They must provide detailed evidence of safe software development and testing. They must provide continuity plans and auditing before software updates go live.
“Any vendor that fails to do this is at risk,” Ball said. “This is the time to evaluate all the vendors you work with because as the industry moves more to SaaS, too many customers are treating customers like guinea pigs, pushing out bad updates with poor support,” Ball added.
“Time is running out. The next big incident is about to happen,” he said.