29
AlixPartners Disruption Index 2023
Global Leader of Cybersecurity
The threat environment is getting worse. Exploiting weaknesses in supply chains and
misconfigurations in cloud environments remain popular and effective with attackers, as do
ransomware attacks. The challenge for defenders is to make attacks more costly, while limiting the
risks from a successful attack.
And don't lose sight of vulnerabilities from third parties. While many organizations struggle, to keep
the focus on their internal cybersecurity program, they often fail to appropriately analyze the risk
exposure of their third-party providers.
A comprehensive view across the cybersecurity product suite can enable and empower an
enterprise to ensure the protections and optimized posture are tied to business outcomes.
Growing threats
With the accelerating levels of maturity in AI-fueled tools, is to make attacks more costly, while
limiting the risks from a successful attack weaponized by cybercriminals looking to lower the cost
and increase the effectiveness of their attacks. Look for an arms race in the coming years as AIpowered
offensive and defensive tools are increasingly leveraged by both sides.
However, organizations should be careful to first build a stable baseline of cyber defense and
should not focus on the impact of the very hyped AI threats alone.
AI's impact on cyber
With budgets flatlining as the visibility of cyber issues and expectations increases, where does this
leave security teams? There is no simple answer, but, there are opportunities for organizations to
minimize the risk to their systems and data while also optimizing their security spend.
Take a fresh look at your security risk tolerance. Does the current model still accurately reflect
the top security risks to the business, and is your security program still focused on mitigating
and measuring any remaining risks? If gaps are found, are your security program priorities and
spending targeted toward those gaps, and if not, why not?
Today, it is more critical than ever to keep breaking down silos. While this has been a priority for
many companies over the past few years, companies can't afford to take their foot off the gas now.
Effective and efficient cybersecurity is about protecting business value and success-not just IT
systems. By implementing business-centric, cloud-based policies and procedures, it's possible to
create a security-by-design framework that embeds protections into key functions.
Recommendations for success
Disruption from cyber attacks is increasingly
inevitable, and when poorly mitigated or
managed, it can lead to material costs to
shareholders, staff, and customers. Those getting
the most from their tech investments recognize
that prioritizing cybersecurity is essential.
Beth Musumeci