target audience: TECH BUYER Publication date: Dec 2022 - Document type: IDC TechScape - Doc Document number: # US49710322
IDC TechScape: Worldwide Cybersecurity Risk Management Services, 2022
This IDC study explores the services underpinnings required to enable a successful and fully implemented cybersecurity risk management program that can either be managed by the end customer or by the service provider that built it and recommends questions that buyers and vendors in this space can ask to get actionable direction in approaching the right decisions and outcomes. The discipline and design of cybersecurity risk management services can provide a framework for orienting organizations from optimizing standard check box outcomes to optimizing a value-added program to effectively managed cybersecurity risks and a very prescriptive way as a life cycle approach that drives commitment and support from senior executives and board members throughout the different stakeholders in between.
"A well-defined cybersecurity risk management program is critical in today's ever changing and growing threat landscape," says Phil Harris, research director, IDC's Cybersecurity Risk Management Services. "Attackers are in their business for the long game where they can extract as much valuable data or intelligence over a long period of time undetected to reap as much money as possible. A key way to combat this is having an ongoing methodical approach for inspecting the depth and breadth of cybersecurity controls and maturity to cull out those new or not so apparent vulnerabilities and exposures that attackers exploit. This is an ongoing race and organizations with strong cybersecurity risk management programs will be better prepared to withstand ongoing attacks."