Cybersecurity Market Trends: Takeaways and Musings from Xconomy’s Cybersecurity Conference

There’s no doubt the cybersecurity landscape is evolving rapidly, and it is imperative that those of us responsible for marketing cybersecurity products and services stay on top of the trends and challenges that practitioners and vendors face in order to do our jobs effectively.

Given how many of our clients are in and around the cybersecurity sector, I jumped on the chance to attend this year’s Xconomy Cybersecurity conference (and I’m very glad I did!). Below are some of the takeaways I gleaned and insights I had coming out of the event. 

• Cybersecurity, by definition will never be ‘resolved’. The adversaries are always changing and evolving—and will find a way to undo whatever security measures are put in place. While a few conversations revolved around enterprises needing to adopt a post-breach mindset, we’ve also seen the importance of exploring and investing in emerging technologies that prevent breaches and attacks at the outset. More than a few of our clients are tackling security issues from both sides – taking a preventative view with security front and center in product and software development and proactively isolating issues that are already in the market – so prior or hidden vulnerabilities can be quickly addressed.
• Attackers only have to win once, and many security attacks don’t even require technical acumen. Security training should be about more than just compliance, and tools should be designed to support people processes within an organization, not just the technology. In fact, a recent report cited 58% of threats originated from ‘accidental’ insider threats—and this can happen at any level within an organization. Given the use of mobile, this is particularly tough. One of our clients, Data Theorem, tracks mobile app security and has found vulnerabilities in many of the apps we all use every day. The question remains – how deep does security control need to go to make enterprises safer?
• IoT growth will continue to compound as a security issue. IoT – especially in mainstream applications – weren’t necessarily built with a security mindset. Devices aren’t getting the patches and updates they need to close vulnerabilities, and this will only compound as more connected devices enter the landscape. Some leading companies are taking this into account early on—such as constructing smart buildings with security in mind from the ground up (an interesting project one of our network security clients, Bradford Networks, is supporting). Additionally, companies manufacturing connected products need to understand potential vulnerabilities in the firmware code itself and act accordingly. Our client ReFirm Labs just launched a solution focused on this very area.
• Midmarket is experiencing some of the greatest cybersecurity challenges and threats. Because most of these firms have few (or no) dedicated cybersecurity staff, they are most vulnerable—and most of these firms have valuable IP, PII, and known weaknesses. Security solution providers shouldn’t ignore smaller enterprises – though they should understand they may need to package and position solutions differently—especially if non-security audiences are tasked with the responsibility. One way our clients (and many others) are helping to combat this issue is via automation, since enterprises as well are often short-staffed for security expertise.
• Talent shortage remains a huge issue. There was good discussion around the large shortage of cybersecurity talent globally. Vijay Basani of Cygilant estimated it at 1M roles worldwide and 350K in the US, and this is only expected to compound as there isn’t a large enough influx of new talent. While security automation and orchestration holds much promise to offset the needs, it still has a long way to go before the majority of organizations can reap its full benefit. Firms need to get creative in how they develop and recruit talent. In fact, our client Bowdoin Group in the executive recruiting space has seen this as one of the hottest executive search areas—and prioritize the caliber of cybersecurity expertise over industry vertical expertise.
• Discussions around risk and risk transfer are (finally) reaching board rooms. The discussion is no longer about whether security should be an area of focus, but it is being treated like any other strategic business decision, as it should. Cost implications can go far beyond regulation and compliance issues (since HIPAA regulations now extend to suppliers and business partners and GDPR deadlines are looming). For many organizations, it threatens their very existence, damaging brands (think Uber), resulting in PR nightmares and decreased revenues due to lost customers. In our work with clients, we’ve focused on up-leveling the messaging to ensure that the solution is communicated effectively to business and executive audiences, not just technical users of a solution.

I’d be interested in which topics on this list resonate with others in this sector, so please feel free to reach out and connect. For those of you looking to increase the focus on your cybersecurity firm's marketing efforts, I’d encourage you to check out our eBook on cybersecurity marketing.

Natalie is the President & Founder of Magnetude Consulting. Magnetude is a marketing firm that specializes in working with entrepreneurial B2B tech sector companies looking to market the right way in today’s increasingly complex environment by providing fractional marketing department services spanning marketing strategy, messaging & content development, demand generation, sales enablement and public relations.