People Versus Process Versus Technology: Finding and Fixing the Root Cause of Cybersecurity Shortcomings

People Versus Process Versus Technology: Finding and Fixing the Root Cause of Cybersecurity Shortcomings


This IDC Perspective discusses strategies to assess the root causes of cybersecurity failures from an organizational perspective. Measured in terms of data like the average frequency and cost of attacks, cybersecurity outcomes are bad and growing worse for the typical organization. To turn this trend around, businesses must determine what the root causes of their cybersecurity shortcomings are.By assessing the state of cybersecurity resources and investments across the three classic categories of people, processes, and technologies, organizations can gain actionable insight into where their weaknesses lie. From there, they can make changes that measurably improve cybersecurity outcomes — instead of dumping more money into areas where cybersecurity resources are already adequate, or making changes that demand more time and effort from cybersecurity personnel but don't meaningfully improve cybersecurity posture."Improving cybersecurity risk posture requires knowing where your greatest weaknesses lie — whether they're your people, your processes, your technology, or a combination thereof," says Chris Tozzi, adjunct research advisor for IDC's IT Executive Programs (IEP).

Please Note: Extended description available upon request.


Executive Snapshot

Situation Overview

Cybersecurity Shortcomings: A Pervasive Problem

The Difficulty of Assessing Cybersecurity Shortcomings

Lack of Cybersecurity Metrics

Missing Context

Nonobvious Root Causes

Advice for the Technology Buyer

Example: Reducing Vulnerability Count

Learn More

Related Research

Synopsis

Download our eBook: How to Succeed Using Market Research

Learn how to effectively navigate the market research process to help guide your organization on the journey to success.

Download eBook
Cookie Settings