Page 81 - SyI Quarterly - Q3 and Q4 Edition 2023
P. 81
The Open Secret of Cyber
Security
By James Bore CSyP MSyI
There is a very open secret in Cyber Security, and it is that we are not
doing well. Cyber Security is not a small industry, estimated just shy of
$200 billion worldwide with expected growth around 10% per year.
This makes it a very lucrative industry for investors, and that causes a
problem. The foundations of the Cyber Security industry are broken
because the motive driving the investment is about profit rather than
security.
This is not a unique problem; we see it reflected in countries where for-profit healthcare dominates.
Preventive medicine is less profitable than ongoing treatments. This creates an incentive to build an
unhealthy population who need regular treatments and interventions, instead of preventive medicines
such as counselling to quit addictions, public sports facilities to encourage exercise, and other low-profit
(or no-profit) measures that create a healthier population overall.
So what does this mean In Cyber Security?
We have recently seen several shocking drops in the share value of some of the biggest names in
security. CrowdStrike lost 12% in a few hours in May. Darktrace was accused of overselling its technology
in market reports, has lost 80% of its share value from its peak. The collapse of Silicon Valley Bank earlier
this year hit technology investments in general, and Cyber Security tech seems to have been hit harder
than most.
This could mean a slight shift towards where we should be investing in Cyber Security, looking at security
by design instead of security through closing stables up after horses have bolted. It’s not likely, but it is
possible, and there are signs of improvement in some areas.
If you spend time with Cyber Security professionals, you’ve probably heard these complaints. We all
moan in private about investment in blinky boxes over people. We all talk about the Cyber Security skills
gap (which is a whole separate article). You will hear that security isn’t compliant, and heavily invested
companies who spend their money on marketing and sales instead of making their technology effective
are a plague on the industry.
81