Filling the cybersecurity void [Commentary]

snagfilms-a.akamaihd.netempty-control-room-d59ce44809245bfbd4786aef021dcdfb67989c97-1.jpg

There have been a number of new entrants into the cybersecurity marketplace lately, and for good reason.

In fact, funding for such startups reached an all-time high! Some of the new entrants are touting cybersecurity solutions that leverage artificial intelligence or some other new or emerging technologies, while others have common offerings. The issue, threats, challenge and overall need for such products and services are growing, rapidly driving the need.

When it comes to cybersecurity, there is so much at stake. The Ponemon Institute 2016 Cost of Data Breach Study determined that the total cost of a data breach was $4 million per year. This is easily dwarfed by the loss of customer/investor confidence as well as the overall disruption a beach can cause.

With so much on the line, is it a good idea to use a new firm with little or no experience? For sure the new entrants face a significant amount of resistance. Here is a look at just a few of the challenges:

  • Competing for the scarce cyber resources will certainly be a challenge and would likely drive up human resources costs.
  • Competing against the massive number of organizations with years of actual experience, references, internally developed tools and metrics.
  • Providing references in response to requests for proposals is always a huge challenge for new entrants. Where will they come from, or will they use references from employees’ past working relationships?

Can an organization justify the additional risks of going to the newbie that has little or no company experience? It would be a sure bet that some newbie will compete on price. However, the lower, short-term costs can end up way more expensive in the long run.

Many of those that I asked believe that new and unique approaches to cybersecurity is likely to be the dominant differentiation for new entrants in the cybersecurity field. This demands close monitoring, to be sure, and careful evaluation of the risks associated with using these new entrants for an organization’s cybersecurity requirements.

There will be mistakes. We all make them. Remember: Cyberattacks are continuously evolving, and a comprehensive book or course one can take to provide all the info and skills needed in this space does not exist. Experience is the best education, and there is no substitute.