Identifying Market Gaps in Cybersecurity

I am seeing what I have recently started to describe as the great cybersecurity market imbalance. Here is what it looks like. One of the most underserved market segments in the US is small and medium-sized businesses. According to the U.S. Small Business Administration, - There are 33,185,550 small businesses in the United States which constitutes 99.9% of American businesses. - Small businesses employ 61.7 million Americans, totaling 46.4% of private sector employees. - From 1995 to 2021, small businesses created 17.3 million net new jobs, accounting for 62.7% of net jobs created since 1995. - Small businesses pay 39.4% percent of private sector payroll and generate 32.6% percent of known export value. Despite all the importance of the SMB market, I would estimate that over 90% of cybersecurity startups are built as enterprise-first solutions. There are good reasons for it as enterprises operate under heavy compliance scrutiny and regulatory oversight, have dedicated security budgets, experience unique and highly complex problems, and require large-scale deployments which naturally translates into large contracts. And yet, the problems of the 99.9% of the market remain unsolved. #cybersecurity #infosecnews

A topic I often discuss with Security leaders is the shortage of Cybersecurity professionals with OT experience—while they are absolutely out there, it's still a narrow market. So how do we overcome that? It seems like the appropriate time to level up our OT/ICS professionals who possess the technical skills, motivation, and desire to move into Cybersecurity. Here are a few examples of what to look for with those folks: 1 ) Assess Systemic Thinking Abilities -- OT professionals excel at understanding complex systems, a skill crucial for cybersecurity roles. Look for candidates who demonstrate a strong grasp of system interdependencies and the potential cascading effects of security breaches within these systems. 2) Evaluate Problem-Solving Expertise -- Seek out those who showcase exceptional problem-solving skills. Successful OT experts are known for their quick and effective responses to technical challenges—a trait that's gold in the cybersecurity world. 3) Prioritize Hands-on Experience -- Prioritize candidates with hands-on experience managing and securing OT environments. Those who have faced and resolved real-time security issues bring a wealth of practical knowledge to cybersecurity roles. 4) Look for Continuous Learners -- The cybersecurity field is dynamic, requiring professionals to continually update their knowledge. Identify OT professionals who invest in learning about the latest cybersecurity trends and technologies. In short, if you're an OT expert itching for a career progression into cybersecurity, or a hiring manager eager to improve your cyber defenses, let's connect. Reach out at christina.marks@stottandmay.com #CybersecurityTalent #OperationalTechnology #OTsecurity

The World Economic Forum (#WEF) published its “Global Cybersecurity Outlook Report” for 2024. The report compares 2023's findings with this year's business leaders’ perspectives on top #cyber issues and their effect on organizations around the world. The good news... The #cybersecurity economy grew exponentially faster than the overall global economy The bad news... Organizations and countries experienced that growth in exceptionally different ways, creating a big gap between #cyberresilient organizations and those that are struggling. Africa and #Latam are often under the cybersecurity poverty line. Disparity in #cyberequity is exacerbated by the #threat landscape, macroeconomic trends, industry regulation, and rising costs of access to innovative cyber services. KEY FINDINGS: - Despite making up the majority of many country’s ecosystems, #SMEs are being disproportionately affected by this disparity. SMEs showed a rapid decline (30%) in being able to maintain minimum viable #cyberresilience to meet their critical operational requirements. - As organizations race to adopt new technologies, such as generative #AI, a basic understanding is needed of the immediate and long-term implications of these technologies for their cyber resilience posture. The rapid uptake of technologies has outpaced the ability of civil society, regulators, and organizations to implement safety and security principles. - More than 45 countries will hold elections in 2024. Six areas of risk that should be noted as elections unfold: #misinformation, #deepfakes, automated #disinformation, targeted advertising, #privacy concerns, and algorithmic manipulation of #socialmedia. - Organizations in which executive #leadership is engaged in how #cyberrisk is managed are more resilient. The most important drivers of an organization’s cyber resilience are the foundational concepts of leadership support, business integration, and ecosystem collaboration. - The cyber maturity gap between large corporations and SMEs creates a systemic #supplychain security risk. Global companies must play a larger role in raising the bar for their smaller partners to prevent them from becoming #threat vectors. - 54% of organizations surveyed have an insufficient understanding of cyber #vulnerabilities in their supply chain and 41% of the organizations that suffered a #material incident in the past 12 months say it was caused by a 3rd party. - Affordability is a critical determinant of cyber resilience success. More than 60% of leaders from regions other than North America and Europe reported that their organizations do not carry #cyberinsurance. - Most leaders responded that talent and skills gaps were the highest barrier to cyber resilience, followed by securing legacy #technology and cultural resistance to change. A high percentage of cyber leaders believe the shortage of cybersecurity skilled staff is putting organizations in moderate to extreme risk of experiencing a #cyberattack.