This IDC Perspective discusses IDC's Cybersecurity Capabilities Assessment Framework 1.0 and assesses cybersecurity readiness across seven domains. The increased complexity of modern IT estates, combined with the expansion of practices like remote work and the innovation of novel attack techniques by threat actors, makes it more difficult than ever for businesses to manage cybersecurity threats and risks. To meet the challenge, organizations must implement cybersecurity best practices across seven key domains, including:

- Network security
- Endpoint security
- Identity and digital trust
- Data security
- Application security
- Response, recovery, and resilience
- Governance, risk, and compliance

IDC's Cybersecurity Capabilities Assessment Framework 1.0 identifies the essential practices and strategies that businesses should implement within each of these domains to minimize their risk of experiencing a breach, as well as to mitigate the impact of successful attacks in the event that they do take place. In addition to discussing technical solutions, the framework highlights the business practices — such as stakeholder education and CISO communication with other executives and the corporate board — that form the foundation of a rigorous cybersecurity strategy.

"On the cybersecurity front, settling for technical solutions and best practices isn't enough," says Chris Tozzi, adjunct research advisor with IDC's IT Executive Programs (IEP). "The most resilient enterprises build security into their organizational structure and make it a business priority, not merely a technological endeavor."
Please Note: Extended description available upon request.
Executive Snapshot
Situation Overview
Elements of IDC's Cybersecurity Capabilities Assessment Framework 1.0
Phases of IDC's Cybersecurity Capabilities Assessment Framework 1.0
Vulnerable Organization
Description
Business Outcome
Protected Organization
Description
Business Outcome
Resilient Organization
Description
Business Outcome
Optimized Organization
Description
Business Outcome
Domains of IDC's Cybersecurity Capabilities Assessment Framework 1.0