The spate of news and incidents of reported breaches and overzealous attempts to provide different software and technology solutions appears to be creating a cybersecurity fatigue amongst those placed in charge of managing cyber risks in organisations, both in the public and private sector.
Software, as a technology, is often treated as a solution to every potential cyber risks. Software companies encouraged organisations to keep installing new software that are supposedly able to detect, prevent and stop cyber attacks or breaches. Successful deployments are limited, with initiatives failing to match the initial market exuberance that will lead to disillusionment and buyer fatigue.
Organisations appeared to be struggling to identify how these software will be a better offering as these organizations continued to struggle to understand what cybersecurity and cyber risks are, the dangers and perils it posed, what these might mean to their business, and what problems these software could or should solve.
We hope organisations are not pursuing their cyber risk strategies based on intense pressure from the C-suite but rather investing for the purpose of really making their organisations cyber resilient. We have seen organisations not progressing beyond the pilot phase on their cyber resilient strategy, due to technological immaturity, lack of standards, overly ambitious scope and a general misunderstanding of their resource's ability to support the complex requirements and challenges in managing and monitoring a cyber resilient framework in their organisation.