September 27, 2022 By Ray Stanton 2 min read

The average cost of a data breach hit a record high of $4.35 million, a 13% increase in the last two years, according to the 2022 Cost of a Data Breach report. In addition, laws are holding board members personally liable for IT security breaches and ineffective security controls, so it’s easy to see why cybersecurity risk and compliance have become priorities in the boardroom.

CIOs and CISOs are spending heavily on cybersecurity services and technologies. Research firm Statista forecasts revenue in the cybersecurity market will reach nearly $160 billion in 2022 with a compounded annual growth rate (CAGR) of 13%. The result? By 2027 the market size will reach just shy of $300 billion.

An effective cybersecurity strategy becomes even more critical because the nature of cyber risk is continually changing. So what do we do?

Working with our clients around the world, we have learned three keys to an effective enterprise IT risk management (ITRM) strategy.

Power of automation

It can be incredibly difficult to clearly demonstrate your enterprise’s cybersecurity health and hygiene in a way that aligns with strategic and operational goals when you lack automation and the necessary staff. IT organizations cannot find, hire or afford the people they need to run their cybersecurity operations and systems.

They need tools that automate cybersecurity workflows, monitoring, data collection and analysis, testing, auditing, documentation and reporting. Effective automation reduces system compliance time, the time to generate regulatory documentation and the time to research new vulnerabilities — while alleviating audit fatigue.

Built for enterprise scale

The number of devices in an enterprise IT platform continues to grow with the interconnections between devices increasing exponentially. Software-as-a-Service (SaaS) applications in your portfolio make your IT supply chain dependent on things you cannot see or control. ITRM software platforms need to support millions of interconnected IT assets, connections and SaaS controls.

Leveraging hybrid cloud

Businesses and governments are being transformed by the cloud, making security challenges increasingly complex. The good news is that the leading cloud platforms are investing heavily in cybersecurity. The challenge is leveraging those investments as part of enterprise cybersecurity controls.

Technologies are available that allow risk managers and cybersecurity professionals to inherit security controls from the major cloud providers and integrate them with enterprise systems. In addition, application programming interfaces can be used to support specialized cloud services and legacy applications.

Bringing it all together

IBM Security recently launched a new integrated software and services solution called Active Governance Services (AGS), based on the industry-leading ITRM software platform from Telos called Xacta.

Xacta created the category of ITRM software 20 years ago and has been continually enhancing the platform to support complex enterprise IT environments with hybrid cloud, automated workflows, global best practices and compliance frameworks, and continuous monitoring and reporting.

AGS provides the strategy, people, processes and technology to identify, manage and mitigate the rapidly growing and ever-changing cyber risks faced by business and government organizations.

Learn more about this partnership in the joint webinar,  “The True Cost of Compliance and Why You Can’t Avoid It.”

More from Risk Management

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

Back to basics: Better security in the AI era

4 min read - The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way for attackers to move laterally across networks, enterprise IT teams find themselves constantly running to catch up. According to the Google Cloud Cybersecurity Forecast 2024 report, companies should anticipate a surge in attacks powered by generative AI tools and LLMs…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today