Wednesday Sep 20, 2023
The Cybersecurity Efficacy Gap w/ AJ Grotto
Allan is joined by AJ Grotto: William J. Perry International Security Fellow and Founding Director of the Program on Geopolitics, Technology and Governance at Stanford University. He also serves as the faculty lead for the cyber policy specialization that the university offers through its master's in international policy program . He’s also a visiting fellow at the Hoover Institution. He’s talking with me today about Cybersecurity spend vs. cybersecurity efficacy. AJ, thanks so much for coming on down to ‘The Ranch!
The below points are mostly followed, but the pair also get into CISOs embracing risk, CISOs owning risk, and buying 'lemons' in the cybersecurity market:
- So Cybersecurity Ventures says 2023 spending is growing 15% year over year. Between awareness training and tech stack, they are estimating $198+ billion in spend this year on cybersecurity. Techcrunch analyzed the estimated shrinkage of budgets this year based on economic conditions: 45% of budgets remain unchanged or even increased. 3% of budgets were cut by an average of 21.2%. So these figures hold close to steady despite the economic downturn. We spend more and more on cybersecurity every year. When does this end?
- Conversely, InfoSecurity Magazine says ransomware attacks surged by 74% in 2023. Wired reports an increase for 2023 as well. We can dig into Verizon and IBM annual reports to see generally trends of year-over-year increases as well. Verizon shows 13% increase with a curve that’s trending upward more quickly each year. What gives?
- How do we solve this? How do we bridge this gap?
- Tactically, we have tech stacks and awareness training and GRC. What is our spend story there vs. this looming threat landscape?
- Is the solution to spend less, but more intelligently? In other words, crafty rationalization where we still get full coverage, but spend less?
- If we can never close the gap between spend and threat, what are we to do?
Sponsored by our good friends at Seraphic Security.
Seraphic helps you defend your digital workplace with security and DLP for every browser and essential desktop apps like Microsoft Teams, Slack, Asana, and Notion. Protect against compromise and prevent data loss via the web with Seraphic.