CompTIA Research: Cybersecurity Improves During COVID-19

CompTIA Research: Organizations’ Cybersecurity Improves During COVID-19

Written by Edward Gately
October 1, 2020

Companies have a better understanding of what do about cybersecurity.

New CompTIA research shows organizations feel confident about their cybersecurity readiness, but know they need to maintain constant vigilance.

The CompTIA research is based on a survey of 425 U.S. businesses and identifies several trends that are shaping the state of cybersecurity. For example:

Eight in 10 organizations said their cybersecurity practices are improving.
The COVID-19 pandemic forced businesses to re-evaluate their cybersecurity positions and investments.
Cybersecurity has moved from an IT function to a top-level business concern. As a result, companies have taken on more advanced practices, including risk management and threat intelligence.
There is a major push for specialization in the field of cybersecurity. Those areas include threat management, proactive testing and regulatory compliance.
Cyber insurance policies are becoming par for the course, with 42% of companies currently holding a cyber insurance policy.

Growing Concerns About Cyberattacks

Growing concerns about the number, scale and variety of cyberattacks, privacy considerations, a greater reliance on data and regulatory compliance are among the issues that have the attention of business and IT leaders.

All of this is taking place amid the ongoing cybersecurity talent shortage.

Seth Robinson is senior director for technology analysis at CompTIA. He said having a well-defined focus is one way of addressing the cybersecurity skills shortage.

CompTIA’s Seth Robinson

“With skills in high demand and short supply, it is difficult to assemble all the personnel needed to handle a comprehensive security strategy,” he said. “Instead, security teams are growing, with 72% of companies that rely on external security firms saying that they use more than one firm for their security needs. Whether or not an MSSP is acting as the security operations center (SOC) for a client, they will need to be flexible in working with a number of other partners to build a holistic security posture.”

According to the CompTIA research, companies have a better understanding of what do about cybersecurity. Nine in 10 said their cybersecurity processes have become more formal and more critical. One example is risk management, where companies assess their data and their systems to determine the level of security that each requires. Another is monitoring and measurement, where security efforts are continually tracked and new metrics are established to tie security activity to business objectives.

The “cybersecurity chain” has expanded. It now includes upper management, boards of directors, business units and outside firms, in addition to IT personnel in conversations and decisions.

Within IT teams, foundational skills such as network and endpoint security have been paired with new skills. Those include identity management and application security, which have become more important as cloud and mobility have taken hold.

What’s On the Horizon

On the horizon, CompTIA expects to see skills related to security monitoring and other proactive tactics gain a bigger foothold. Examples include data analysis, threat knowledge and understanding the regulatory landscape.

“For MSSPs, one of the biggest challenges is determining which areas of cybersecurity the firm will specialize in,” Robinson said. “Just like internal security teams at other organizations, most MSSPs do not have the resources to become experts in every aspect of security, from advanced technology to risk analysis, to workforce education to regulatory concerns. Each MSSP should take a look at their existing portfolio and build a strategy on which security elements they will focus on in the short and long term.”

Cybersecurity insurance is another emerging area. Some 45% of large companies, 41% of midsize firms and 37% of small businesses have a cyber insurance policy. Common coverage areas include: