Cybersecurity technologies are not as effective as they should be when it comes to protecting organizations from cyber threats. That is the opinion of 90% of participants in the Debate Security study. Although the cost of cybersecurity is growing every year and has increased by +58% over the past five years, business leaders still identify the consequences of cyberattacks as one of the top 5 risks in 2020.
The main reason is the low efficiency of most protection technologies on the market.
As one of the heads of information security service (CISO) said, “We buy the technology, and then cross our fingers and hope that it will work.” That lowers trust in cybersecurity solutions because products often do not deliver on their promises. The study agrees that four key characteristics are vital in determining the effectiveness of cybersecurity technology:
- the ability to meet security objectives
- quality in construction and security architecture
- supplier and supply chain origin
The fundamental problem lies in economics, not technology. Researchers argue that there is an information bias between the parties that prevents buyers from effectively evaluating technology before buying and encourages suppliers to introduce non-optimal solutions to the market. That has resulted in more and more products that are not as effective as manufacturer promise, reducing confidence in cybersecurity technologies in general.
Is there a solution?
The best solution to the problem of information distortion and trust restoration is to conduct an independent and transparent assessment of technical efficiency.
As a result, customers will receive better information to make purchasing decisions taking into account all the risks, and suppliers will have a powerful motivation to create truly working products. This approach will also facilitate the penetration of innovations into the market, reducing the need for excessive marketing and sales costs to generate profit. It is important to establish common market standards for technology evaluation. These already exist in some security areas (e.g., GSMA NESAS), but they are not yet widely accepted and used elsewhere.
Debate Security claims that over time, improved technologies will reduce the likelihood of successful attacks and have the added benefit of decreasing dependency on people and processes. It can also help reduce the shortage of talented cybersecurity professionals.