The Dark Side of Digitalization
Banking

The Dark Side of Digitalization

Globalization and digitization make IT systems vulnerable to attack. Investing in security is therefore essential, and hackers can actually help in this regard.

Cybersecurity was not an issue in the 1980s, when the internet was still in its infancy. Since then, however, the number and the complexity of cyberattacks have increased significantly. Today the headlines are full of ransomware epidemics, malware redirection from PCs and laptops to mobile devices, billions of unprotected or inadequately protected objects on the Internet of Things, as well as hacker attacks on companies and governments. Various sources suggest that at least 70 million different malware versions are in circulation worldwide, spread mostly via smartphones and other mobile devices. In addition, at least 70 percent of all emails are spam.

There is a latent threat that the internet could collapse due to the weight of cyberattacks.

Latent Threat

There is a latent threat that the internet could collapse due to the weight of cyberattacks. If we do not do something soon, we are at risk of lasting economic damage. During the election campaign US President Donald Trump said the issue of cybersecurity would be an "immediate and top priority" for his administration. US government expenditure on cybersecurity is therefore likely to rise, benefiting cybersecurity companies such as Cisco Systems, Palo Alto Networks, and Check Point Software.

Cybersecurity Then and Now

In the old IT world, users protected themselves with security solutions that attempted to control what was coming into and going out of their PC. But this approach is now nearing its limits: although firewalls usually stop over 99 percent of threats, the remaining less than 1 percent of threats still constitute thousands of security breaches in absolute terms given that the number of attempted attacks runs into the millions.

One of the beneficiaries of this problem is the IT security sector. We expect spending on IT security to grow significantly faster than total IT spending, and therefore account for a larger slice of the "IT cake." According to the Gartner market research institute, global expenditure on cybersecurity products and services rose to USD 81.6 billion in 2016 – a rise of 7.9 percent since 2015. The spending on security therefore amounts to just 2.4 percent of global IT expenditure, which – according to Gartner – is set to rise to USD 3.4 trillion. Gartner forecasts a growth rate of around 8 percent p.a. over the next five years, which – in our view – is somewhat conservative in light of the increasing challenges.

Network security consumes the lion's share of IT security spending (without Services)

Network security consumes the lion's share of IT security spending (without Services)

Source: IDC, CS estimates 

The Will Is Not There

Surveys suggest chief technology officers (CTOs) rank cybersecurity as one of their top three priorities. Given the potential economic damage caused by cyberattacks, a further stepping up of efforts is nevertheless required. In many cases, however, the money or willingness to increase spending on security is simply not there.

Once the security problem has been resolved, spending is reined in again.

Many businesses react on a case-by-case basis: they spend less if no immediate threats or incidents occur then suddenly go into panic mode when a threat does manifest itself – especially if such a threat is the subject of intense media coverage. Once the security problem has been resolved, spending is reined in again.

Prevention Is Better Than Cure

The CTOs who do plan their security strategy tend to opt for general preventative measures, a situation that is unlikely to change much in the next few years. In reality, however, preventative measures have not proved very effective at blocking cyberattacks. Many organizations have consequently switched to an approach centered on managed detection and response (MDR).

New Trends in Cybersecurity

We therefore anticipate further development of MDR security technologies such as security information and event management (SIEM) as well as secure web gateways (SWGs). Moreover, cybersecurity solutions are likely to become an increasingly integral component of service packages in the future – particularly since the general shortage of cybersecurity talent is already causing difficulties for companies.

Investing in state-of-the-art security technologies is essential in order to protect businesses. The same applies to investing in employee cybersecurity skills, which are not included in the Gartner estimates, and which are another growing cost factor. Talented security experts are scarce and expensive, but companies that seek to do without them for cost reasons are vulnerable to cyberattacks and risk reputational damage as well as the loss of data.

Hackers Are Sought After

Technology skills with a high degree of specialization are highly sought after and are also the best paid. Companies look for professionals with expertise in complex areas of cybersecurity such as software development, the mitigation of attacks and detection of security breaches, as well as network monitoring.

These skills are not difficult to find: it's a matter of companies winning hackers over to their own side. Hackers are motivated by money, protest, or simply a challenge, but also by a job in which they evaluate system vulnerabilities, formulate defensive strategies against potential hackers, and thus make a positive contribution to the success of a business.