September 27, 2022 By Ray Stanton 2 min read

The average cost of a data breach hit a record high of $4.35 million, a 13% increase in the last two years, according to the 2022 Cost of a Data Breach report. In addition, laws are holding board members personally liable for IT security breaches and ineffective security controls, so it’s easy to see why cybersecurity risk and compliance have become priorities in the boardroom.

CIOs and CISOs are spending heavily on cybersecurity services and technologies. Research firm Statista forecasts revenue in the cybersecurity market will reach nearly $160 billion in 2022 with a compounded annual growth rate (CAGR) of 13%. The result? By 2027 the market size will reach just shy of $300 billion.

An effective cybersecurity strategy becomes even more critical because the nature of cyber risk is continually changing. So what do we do?

Working with our clients around the world, we have learned three keys to an effective enterprise IT risk management (ITRM) strategy.

Power of automation

It can be incredibly difficult to clearly demonstrate your enterprise’s cybersecurity health and hygiene in a way that aligns with strategic and operational goals when you lack automation and the necessary staff. IT organizations cannot find, hire or afford the people they need to run their cybersecurity operations and systems.

They need tools that automate cybersecurity workflows, monitoring, data collection and analysis, testing, auditing, documentation and reporting. Effective automation reduces system compliance time, the time to generate regulatory documentation and the time to research new vulnerabilities — while alleviating audit fatigue.

Built for enterprise scale

The number of devices in an enterprise IT platform continues to grow with the interconnections between devices increasing exponentially. Software-as-a-Service (SaaS) applications in your portfolio make your IT supply chain dependent on things you cannot see or control. ITRM software platforms need to support millions of interconnected IT assets, connections and SaaS controls.

Leveraging hybrid cloud

Businesses and governments are being transformed by the cloud, making security challenges increasingly complex. The good news is that the leading cloud platforms are investing heavily in cybersecurity. The challenge is leveraging those investments as part of enterprise cybersecurity controls.

Technologies are available that allow risk managers and cybersecurity professionals to inherit security controls from the major cloud providers and integrate them with enterprise systems. In addition, application programming interfaces can be used to support specialized cloud services and legacy applications.

Bringing it all together

IBM Security recently launched a new integrated software and services solution called Active Governance Services (AGS), based on the industry-leading ITRM software platform from Telos called Xacta.

Xacta created the category of ITRM software 20 years ago and has been continually enhancing the platform to support complex enterprise IT environments with hybrid cloud, automated workflows, global best practices and compliance frameworks, and continuous monitoring and reporting.

AGS provides the strategy, people, processes and technology to identify, manage and mitigate the rapidly growing and ever-changing cyber risks faced by business and government organizations.

Learn more about this partnership in the joint webinar,  “The True Cost of Compliance and Why You Can’t Avoid It.”

More from Risk Management

Back to basics: Better security in the AI era

4 min read - The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way for attackers to move laterally across networks, enterprise IT teams find themselves constantly running to catch up. According to the Google Cloud Cybersecurity Forecast 2024 report, companies should anticipate a surge in attacks powered by generative AI tools and LLMs…

Mapping attacks on generative AI to business impact

5 min read - In recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that technology is trusted and secure must be businesses’ top priority. While generative AI adoption is in its nascent stages, we must establish effective strategies to secure it from the onset. The IBM Institute for Business Value found that despite 64%…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today