From the C-suite to security operations centers (SOCs), the growing scope and scale of cyberattacks is raising security concerns to new heights. With the total annual economic impact of cybercrime estimated to exceed $10.5 trillion by 2025, CEOs are looking for more effective approaches to counter ransomware, malware, phishing, DDOS, and other cybersecurity incidents. And with SOC operators reporting that they no longer have time to review 51% of daily alerts, cybersecurity professionals are looking to AI, automation, and more seamless cloud security architectures to detect, deflect, and deter cybersecurity risk.
Meanwhile, the growth of cloud computing, mobile devices and apps, AI, the Internet of Things, and edge computing creates even more vulnerabilities to attract hackers and cybercriminals. According to IBM research, the cost of the average data breach now stands at $4.45 million globally, up 15% in a year. In the US, the average cost is as high as $9.48 million.
With the clock ticking until the next time hackers gain access, corporate and cybersecurity leaders must rethink information security strategies and restructure for resilience. This means adopting automation to give cybersecurity professionals more time to do their jobs, and integrating security solutions up-front, without stitching them together later, to deliver cyber defense outcomes that can’t be achieved incrementally.
This leap forward into the next generation of security will be built on hybrid by design information technology architecture, accelerated by AI, and delivered through a foundational and far-reaching strategy called platformization.
The average organization manages a complex security posture—engaging with more than 13 security vendors and paying for 31 different security solutions.
Fragmentation leads to fragility
In response to the increased volume of cyberattacks, many enterprises have followed a common playbook to manage cybersecurity risk: add individual solutions as necessary, on an ad hoc basis, to address network security challenges, such as ransomware attacks, malicious software, phishing, social engineering, and attacks on critical infrastructure. However, over time, this cybersecurity strategy creates a patchwork of protection with individual solutions that are not necessarily designed to fit into a broader security strategy or address all cyber threats and vulnerabilities.
As complexity impacts performance and costs continue to rise, three out of four organizations are pursuing security vendor consolidation, compared to only 29% in 2020. Recent IBM Institute for Business Value (IBM IBV) research also focuses on the issue of complexity, with a lack of common tools for stakeholders across the enterprise identified by executives as a top barrier to making progress on security and cyber defense.
A fragmented solution landscape reflects a more fundamental issue: security is not being approached strategically. Although 86% of organizations have a security strategy, IBM IBV research found that only 35% have started executing on that strategy.
Fragmentation means that the data security posture of many organizations becomes reactive and tactical rather than proactive and strategic. No one has an overall view of security risk at the enterprise level. Addressing unknown security threats without clear, overarching insights is becoming an increasingly untenable cyber risk management strategy.
Organizations that integrate security through a platform-based approach have faster incident response—55% faster response to cyberattacks and 58% faster security event remediation.
Platformization shifts the security paradigm
With the increased tempo of cyberattacks and escalating costs of security breaches, there is an urgent need to shift from piecemeal, point-based security to a seamless, platform-based approach. Platformization enables enterprises to simplify, amplify, and unify security efforts and stakeholder partnerships in ways that can’t be done when solutions designed for standalone deployment are improvised for integration, often in suboptimal and cost-intensive ways.
A strategically designed portfolio of solutions operating on a common platform is crucial for integration, enterprise-wide visibility, and easy scalability in response to emerging threats from cybercriminals. Leveraging automation, machine learning, and AI on a consolidated infrastructure security platform also addresses cybersecurity job shortages and augments cybersecurity resources.
Further, a platform-based approach enables security teams to focus on high-value tasks such as risk assessment and mitigation. Meanwhile, digital assistants and bots can handle routine tasks such as monitoring computer systems, verifying credentials to deter unauthorized access and scams, and managing multi-factor authentication.
In terms of organizational structure, a platformization-based cybersecurity plan demolishes security silos and delivers improved security outcomes more efficiently. Recent IDC research finds that organizations that integrate security through a platform-based approach operate security teams that are 34% more efficient, and lower annualized security-related platform costs by 10%.
Turning generative AI from a security risk into a security asset
Generative AI is seen by 96% of executives as a potential cybersecurity threat. They say that adopting this technology will make a security breach likely in their organization within the next three years. Although 94% of executives indicate that it’s important to secure AI solutions from hackers before deployment, it’s interesting that only 24% say that, within the next three months, they will include a cybersecurity component in generative AI projects and computer systems.
But what if the perception of AI changes from a security risk to a security asset? Can AI drive greater security and can security enable AI-driven innovation?
AI provides a holistic and dynamic view of the entire security posture, with insights and recommendations derived from endpoints, networks, servers, cloud workloads, and security information and event management systems (SIEMs). AI also automates and integrates response recommendations into more streamlined workflows.
Platformization provides a more secure and efficient way to roll out new AI applications that tackle emerging threats, such as adversarial AI. Taking a platform-wide, zero trust approach with AI also reinforces cyber defenses, enhances security postures, and bolsters resilience through improved threat detection and faster mitigation.
By using automation tools for security, organizations can increase their return on security investment by 40% or more and can reduce data breach costs by at least 18%.
Building a hybrid and secure-by-design foundation for digital transformation
When built on a hybrid cloud infrastructure and powered by generative AI, platformization makes security a fundamental part of business transformation. As organizations build open and hybrid clouds, they need to safeguard sensitive data across different environments without compromising the user experience. Security must be unified across the entire cloud estate, as well as on-premises or on edge computing, without adding complexity that could bog down the user experience.
By weaving security seamlessly into hybrid cloud and generative AI, platformization allows enterprises to exploit the full value of digital transformation. A platform-based cybersecurity framework can encompass ubiquitous cybersecurity practices end-to-end. For example, platformization expedites the scaling of firewall onboarding and the deployment of emergency change orders across thousands of firewalls.
In short, platformization generates greater efficiency, speed, and scale—attributes required of a better performing and more resilient organization. Organizations that understand and implement the platformization paradigm can be hybrid and secure by design and get a head start on capitalizing on future opportunities.
Download the research brief and learn how platformization can help organizations accelerate the move to next-generation cybersecurity and improve security postures in an era of growing cyberthreats.
Originally published 20 May 2024
