We are pleased to present the findings of the 2015 Global Megatrends in Cybersecurity, sponsored by Raytheon. The purpose of this research is to understand the big trends or changes that will impact the security posture of organizations in both the public and private sector in the next three years. Moreover, the study looks at the next generation of protocols and practices as the cybersecurity field evolves and matures.
We surveyed 1,006 senior-level information technology and information technology security leaders (hereafter referred to as respondent) in the US, UK/Europe and Middle East/North Africa (MENA) who are familiar with their organizations’ cybersecurity strategies.
The research covered a range of trends related to an organization’s ability to protect itself from
cyber threats and attacks. Some of the areas addressed in this report are: the critical disconnect
between CISOs and senior leadership, insider negligence, the Internet of Things, adoption of new technologies such as big data analytics, predictions of increases in nation state attacks and
advanced persistent threats and the dearth of cyber talent.
Based on the findings of the research, there are seven mega trends that will significantly impact
the cybersecurity posture of organizations in the following areas: disruptive technologies, cyber
crime, cost of compliance, the human factor, organizational and governance factors and enabling security technologies. Following is a summary of these seven mega trends and implications for companies.
1. Cybersecurity will become a competitive advantage and a C-level priority. As part of this study, we asked a panel of cybersecurity experts to predict changes to several normatively important characteristics concerning the role, mission and strategy of security.1 A total of 110 individuals with bona fide credentials in information security provided their three-year predictions. Only 25 percent of respondents believe their organization’s C-level views security as a competitive advantage. However, 59 percent of respondents in the expert panel say C-level executives will view security as a competitive advantage three years from now.
2. Insider negligence risks are decreasing. Due to investments in technologies, organizations will gain better control over employees’ insecure devices and apps. Training programs will increase awareness of cybersecurity practices. A lack of visibility into what employees are doing in the workplace will become less of a problem in the next three years.
3. Cyber crime will keep information security leaders up night. There will be significant
increases in the risk of nation state attackers and advanced persistent threats, cyber warfare or
terrorism, data breaches involving high value information and the stealth and sophistication of
cyber attackers. In contrast, there are expected to be slight improvements in mitigating the risk of hacktivism and malicious or criminal insiders.
4. The Internet of Things is here but organizations are slow to address its security risks.
The Internet of Things is the expanding network of billions of connected devices that are
permeating our daily lives—from the computers inside our cars to our WiFi enabled appliances,
from wireless medical devices to wearable device.
Because consumers are embracing more connected devices, information security leaders predict that the Internet of Things will be one of the most significant disruptive technologies in the near future.
5. The cyber talent gap will persist. Respondents in three regional samples hold a consistent belief that their organizations need more knowledgeable and experienced cybersecurity practitioners (i.e., the cyber talent gap).
6. Big shifts in new technologies towards big data analytics, forensics and intelligence based cyber solutions. The following technologies will gain the most in importance over the next 3 years: encryption for data at rest, big data analytics, SIEM and cybersecurity intelligence, automated forensics tools, encryption for data in motion, next generation firewalls, web application firewalls, threat intelligence feeds and sandboxing or isolation tools
7. Despite alarming media headlines, cybersecurity postures are expected to improve. The majority of respondents say their cybersecurity postures will improve for the following reasons: cyber intelligence will become more timely and actionable, more funding will be made available to invest in people and technologies, technologies will become more effective in detecting and responding to cyber threats, more staffing will be available to deal with the increasing frequency of attacks and employee-related risks will decline.