The past two years have only reinforced that cybersecurity and privacy cannot be taken lightly. As of July 31, 2021, the FBI’s Internet Crime Complaint Center saw a 62% increase in reported ransomware incidents and a 20% increase in reported losses, compared with the same time frame in 2020. Meanwhile, European regulators levied 340 fines and penalties in 2020 and 438 in 2021, according to the General Data Protection Regulation Enforcement Tracker. Cybersecurity and privacy leave a lasting impact on a company when executed correctly. The consequences of failing to prioritize them linger for years, as breaches lead to costly investigations, regulatory fines, increased scrutiny of third parties, and losses in customer trust.

Current State

Future-fit organizations use strategies that are adaptive, creative, and resilient. Our research helps firms transform cybersecurity and privacy from operationally focused silos to integrated elements that tech execs require. Our current research portfolio eliminates the gaps between cybersecurity and privacy and the rest of the organization by embedding cybersecurity and privacy throughout the organization, using a risk-based approach to decision-making. This will help tech execs to:

  • Anticipate the next evolution in threat actors and a fragmented legal and regulatory landscape.
  • Demystify cybersecurity and privacy for the board of directors.
  • Use cybersecurity and privacy to generate revenue through product security.
  • Assess their current cybersecurity and privacy maturity and select the best partners.

What’s Coming Next

Tech execs must evolve their cybersecurity and privacy practices to match new threats and ensure confident customer and employee interactions. Our new research will show how tech execs must pivot, including topics such as:

  • Cybersecurity. Lots of organizations spent decades avoiding cybersecurity until forced to interact through policies and process gates. An upcoming report — following a presentation at Forrester’s Security & Risk 2021 event, “Security Matters, Now What?” — will detail how to handle the increased importance and visibility of cybersecurity across the organization.
  • Cyber risk quantification. Increased importance leads to budget increases, and budget increases inevitably lead to more scrutiny. Between boards of directors and third-party relationships, tech execs need data as evidence. Paul McKay will lead research on how to obtain detailed financial figures on the value of what’s protected now and what’s at stake.
  • Cyber insurers. This is another external entity that wants this data. Growth in ransomware-as-a-service business models caused cyber insurers to become stricter in their requirements and demand more evidence than ever before. Heidi Shey will lead a primer for tech execs that captures the requirements and limitations and offers guidance on how to set expectations on cyber insurance for the rest of the organization.
  • Talent retention. The “Great Resignation” would be better described as a “Great Shuffle,” as people in the tech, cybersecurity, and privacy sectors aren’t exactly leaving the workforce. Instead, they’re leaving jobs for new ones with better compensation, culture, and location. In some ways, cybersecurity and privacy pros might not have understood what the big deal was, since those jobs were already scorching hot and in demand well before 2020. Jess Burn’s research on succession planning converts a staffing shortage into a leadership pipeline. This, paired with Jinan Budge’s culture research, will help tech execs create a talent development program that will improve retention, help maintain positive culture, and make their cybersecurity and privacy programs a desirable destination for external candidates and a place their current security pros want to stay.

Reach out to your Forrester account team for more information on how to access the content mentioned above, and feel free to share your feedback on what you’d like to see next!