Next year we will see clearer evidence of a non-correlation between security investment & security performance


There is an easy prediction that we could make about cybersecurity this year. A few months ago, a group of major industry players announced the Open Security Schema Framework (OCSF), an initiative which aims to standardise cybersecurity information sharing around a common data standard. It’s a deeply promising move, and one that’s long overdue: the modern CISO can often be found grappling with how to transform a patchwork of hastily-implemented solutions into a cohesive security stance, and seamless data integration could be exactly what we need.

The truth is, though, that a fully-fledged standard will take longer to achieve than many enterprises have. Gaps between systems exist today and, despite economic headwinds, the drive for digital transformation is still there, creating an ongoing expansion of security needs. If we can’t wait for reinforcements to arrive to unpick this problem, we need to start now by auditing, rationalising, and streamlining what we’re buying for security and resilience and how we’re using it.

It can’t be overstated how chaotic structures across security solutions put organisations at risk. That’s why my real prediction is that, this year, we will see clearer evidence of a non-correlation between security investment and security performance. While global cybersecurity spending continues to skyrocket year-on-year, major organisations will still be caught out by mismatched systems, whereas those who achieve a holistic view of their security and resilience stance will fare far better.