2024 Cybersecurity Buyers Report: Insights and Guidance for Cyber Builders - Part 1
A gold mine for newcomers, founders, sales and marketing teams.
Hello Cyber Builders 🖖
Have you ever stopped to consider how unique the cybersecurity industry is? I had this conversation with seasoned entrepreneurs who joined Cybersecurity and discovered some unique aspects of how we do business in this industry. It sometimes feels odd for many.
A recent collaboration between Actual Tech and the Cybersecurity Marketing Society has published a report that is a gold mine for those in the trenches. The "2024 Cybersecurity Buyers” is filled with insights, trends, and actionable advice that could shape our strategies and decision-making processes.
I aim to craft a concise yet comprehensive guide—a vademecum, if you will—highlighting the key takeaways from the report. But consider this an appetizer; the main course awaits in the report itself, and I highly encourage you to explore it.
I plan to split this analysis over several weeks to make it easier to read. Part 2 will be published in the next weeks. So subscribe below, and stay tuned for the next episode!
Don’t expect Security teams to be that big and build
As we keep reading news reports about cyber attacks and ransomware, we should expect numerous staff working on Cybersecurity. The "2024 Cybersecurity Buyers Report" unveils a surprising revelation: a significant portion of cybersecurity teams (48%) comprises merely 2 to 5 individuals. This statistic remains accurate even when zooming into larger enterprises, where, despite a workforce exceeding 5,000, these lean teams still represent 20% of the cybersecurity force.
What does this mean for the industry? Firstly, it underscores a critical challenge in scalability. With such compact teams still having extensive responsibilities—securing the whole company against always-moving threats—efficiency and productivity become paramount.
The report signals a clear message: the tools and solutions from Cyber Builders need to be lean and intuitive. The luxury of time to pore over elaborate dashboards or fine-tune settings is a commodity few can afford. Cybersecurity professionals are constantly racing against time, with higher stakes than ever.
Moreover, 41% of teams surveyed admit to a lack of maturity in their practices, which are often not repeatable and heavily dependent on the individuals within the team. That’s why the industry needs to pivot towards more effective, resilient, and adaptable solutions, irrespective of the team's size or the individuals involved.
The Surprising Disconnect: High EDR Adoption vs. Low SecOps Engagement
The "2024 Cybersecurity Buyers Report" shows a discrepancy in adopting cybersecurity technologies and practices. An overwhelming 91% of organizations have fortified with Endpoint Security, including traditional antivirus solutions and their more sophisticated counterparts, Endpoint Detection and Response (EDR) systems.
However, the plot thickens when we examine the statistics surrounding the adoption of Security Operations (SecOps). Only 48% of organizations report having a SecOps function in place.
This discrepancy raises a fundamental question: What's the point of collecting and detecting endpoint data if there's no robust mechanism to manage, analyze, and respond to this information?
This gap between EDR adoption and SecOps engagement reveals a critical oversight in many organizations' cybersecurity strategies. With their advanced features for detecting and neutralizing threats, endpoint security tools are only as effective as the systems and processes in place to interpret and act on the data they generate. Without a dedicated SecOps team or function, organizations risk being overwhelmed by the sheer volume of alerts and data, potentially missing crucial alerts.
We must shift our mindset and invest in expertise to use security tools effectively. Building or enhancing Security Operations capabilities is crucial to turning data into actionable intelligence for timely decision-making against cyber threats. Cyber Builders should integrate technology with robust operational practices to fully harness the potential of cybersecurity investments and safeguard digital realms.
Outsourcing in Cybersecurity is All About Bridging Skill Gaps and Enhancing Operations
As the digital landscape evolves, so does cybersecurity teams' strategic approach. The "2024 Cybersecurity Buyers Report" highlights a significant trend shaping cybersecurity operations' future: the growing reliance on outsourcing.
62% of respondents indicate that their move towards outsourcing is driven by the need to fill skill gaps within their teams. This insight reminds us that the rapid pace of technological advancements and emerging threats is faster than the ability of many in-house teams to adapt and respond effectively. Outsourcing is a way to scale, hire, and improve skillsets.
This shift towards external expertise most impacts Endpoint Detection and Response (EDR) and Security Operations (SecOps), with 31% and 26% of outsourcing efforts directed toward these categories, respectively.
Collaborating with external experts can boost operational efficiency and strengthen cybersecurity. Security and IT Teams recognize where their strengths lie and embrace outsourcing to remain resilient against evolving threats. Cyber Builders must adapt and suggest better services and product offerings to match that demand.
Resiliency and Proactive Risk Reduction Are Top of Mind
The conversation around IT resiliency has been gaining momentum, a trend I explored in depth in "Resilience is the New Black."
In this evolving narrative, cybersecurity's role in bolstering corporate IT resilience cannot be overstated.
Priorities like cost optimization and cloud migration stand out, and the concept of resiliency urges us to consider how to survive attacks and emerge more robust and more prepared for them.
Another stronger-than-ever desire is for proactive solutions. A striking 77% of respondents prefer products that actively reduce risk. This underscores a fundamental shift in the cybersecurity mindset: it's not just about bouncing back from attacks; it's about preventing these threats from materializing in the first place.
How to do it? It’s up to you and your team. I think it must be particular to your product and offering. But your value proposition must add resilience AND proactive risk reduction.
Conclusion
Lean cybersecurity teams underscores the urgent need for solutions that are effective, intuitive and quick to deploy. With a substantial segment of these teams grappling with a lack of mature practices, the call for more resilient and adaptable cybersecurity tools becomes even louder.
For Cyber Builders and industry stakeholders, the report is not just a resource; it's a roadmap.
Thank you for joining me on this insightful journey. As we continue to dissect and discuss the evolving cybersecurity landscape in upcoming posts, remember that the power to shape the future of cybersecurity lies in our collective hands.
Subscribe to keep abreast of the latest trends, insights, and strategies that will keep you at the forefront of cybersecurity innovation.
Laurent 💚
very interesting !