Page 81 - SyI Quarterly - Q3 and Q4 Edition 2023
P. 81

The Open Secret of Cyber


                                               Security





                                       By James Bore CSyP MSyI















        There is a very open secret in Cyber Security, and it is that we are not
        doing well. Cyber Security is not a small industry, estimated just shy of
        $200 billion worldwide with expected growth around 10% per year.

        This makes it a very lucrative industry for investors, and that causes a
        problem. The foundations of the Cyber Security industry are broken
        because the motive driving the investment is about profit rather than
        security.

        This is not a unique problem; we see it reflected in countries where for-profit healthcare dominates.
        Preventive medicine is less profitable than ongoing treatments. This creates an incentive to build an
        unhealthy population who need regular treatments and interventions, instead of preventive medicines
        such as counselling to quit addictions, public sports facilities to encourage exercise, and other low-profit
        (or no-profit) measures that create a healthier population overall.

        So what does this mean In Cyber Security?


        We have recently seen several shocking drops in the share value of some of the biggest names in
        security. CrowdStrike lost 12% in a few hours in May. Darktrace was accused of overselling its technology
        in market reports, has lost 80% of its share value from its peak. The collapse of Silicon Valley Bank earlier
        this year hit technology investments in general, and Cyber Security tech seems to have been hit harder
        than most.


        This could mean a slight shift towards where we should be investing in Cyber Security, looking at security
        by design instead of security through closing stables up after horses have bolted. It’s not likely, but it is
        possible, and there are signs of improvement in some areas.

        If you spend time with Cyber Security professionals, you’ve probably heard these complaints. We all
        moan in private about investment in blinky boxes over people. We all talk about the Cyber Security skills
        gap (which is a whole separate article). You will hear that security isn’t compliant, and heavily invested
        companies who spend their money on marketing and sales instead of making their technology effective
        are a plague on the industry.


                                                            81
   76   77   78   79   80   81   82   83   84   85   86