As the year ends, many of your employees, users, and customers are beginning to wind down and celebrate the upcoming holiday season. For the United States, the next holiday season is Thanksgiving, a celebration full of food and family gathering. However, the most iconic part of Thanksgiving is the stereotypical food that many families serve throughout the dinner: turkey, mashed potatoes, stuffing, cranberry sauce, and pie.
Everyone prioritizes the turkey as the main course of the night. It has to be perfect. Then, come the side dishes which are served with the main course, and if you can still eat after the hefty meal, lastly, comes the dessert, like pumpkin pie.
We can say that this hierarchy of dishes can be related to how everyone views the priority of cybersecurity as part of their IT strategies today. So, we recently asked around, “if cybersecurity was a dish at Thanksgiving dinner, what dish would it be?” Respondents were able to choose from mashed potatoes, meaning treat cybersecurity like a side dish, turkey representing cybersecurity as the main course, or pumpkin pie, meaning cybersecurity was put towards the very end of their priorities (of course assuming they weren't dessert-lovers and started eating dessert first).
In 2020, many respondents stated that cybersecurity was a side dish, being important but it must integrate well with the main course, their entire IT strategy, along with other competing priorities.
This year, from over 200 IT professionals:
This year the perception changed significantly. We found that most respondents now view cybersecurity as the main course, highlighting a shift to treat cybersecurity with the highest priority.
This shift to treating cybersecurity as a high priority is evident with the increase in investments toward cybersecurity efforts. According to Forbes, 55% of enterprise executives planned to increase their cybersecurity budgets this year and 51% were adding full-time cyber staff.
Why is there such a high investment, and why is there this sudden shift? Well, throughout 2021, cyberattacks have continued to increase, with some like the JBS Meat Plant and the Colonial Pipeline showing that unprotected businesses and their databases, especially those protected with a single password, are vulnerable to attacks. All organizations are now on high alert.
Cybercriminals have stopped being selective in their targeting. No longer can organizations think, “threat actors will never attack us because we are too small and are not worth the effort”. Threat actors have been increasing their targeting of smaller businesses as well as key industries including financial, healthcare, and government sectors. Due to the sensitive nature of these sectors' data and the human impact of when they experience a cyberattack, such as phishing and ransomware attack, cybercriminals know they are more likely to pay the ransom and there is a bigger reward for the data they can obtain.
For organizations, the clear solution is a larger investment in their cybersecurity controls, such as stronger authentication solutions, to mitigate the risk of a cyberattack being successful.
Our prediction is many IT directors will continue to treat cybersecurity like Thanksgiving turkey, with it central to their IT strategies. Investments will continue to increase for stronger and newer cybersecurity controls, especially in the area of Identity and Access Management. According to Cybersecurity Ventures, this year's $262.4 billion in cybersecurity expenditures will skyrocket to $458.9 billion in 2025.
Acknowledging that cybersecurity is as important as the Thanksgiving turkey means CIOs, CISOs, and most business stakeholders expect to keep cybersecurity top of mind this holiday season and into the future.