New CompTIA Report Finds Steady Progress on Cybersecurity, but Balancing Act Gets Tougher

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection, but competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to new research from CompTIA, an industry trade association based in suburban Chicago.

A majority of business and technology professionals feel that the overall state of cybersecurity is improving, both generally and within their organizations, according to CompTIA’s “State of Cybersecurity 2024” report. They also acknowledge that the stakes have grown dramatically, with the number of cybercriminals and threats skyrocketing. At the same time, companies are capturing far more data, creating new privacy implications for customers and operational risk for their internal workflows.

“Even small gains in satisfaction are welcome, but there is plenty of room for improvement,” said Seth Robinson, vice president of industry research at CompTIA. “Businesses have begun to consider cybersecurity as a critical function. The next stage requires a multi-faceted approach of processes, policies, people, and products.”

Generative artificial intelligence (AI) is viewed as a tool that can help manage the growing complexity of cybersecurity. There is a heightened commitment to workforce education, including training for all staff and support for certification for technical professionals, according to the report. Risk management and zero trust practices are also gaining a larger footprint.

The challenge becomes even greater as organizations go through digital transformation and tie technology initiatives more closely to business success, according to Robinson.

“Excessive cybersecurity measures can hinder overall progress, but if measures are too relaxed, it can lead to serious incidents, resulting in potentially greater negative impacts,” he explained. “This balancing act is a full-time job. With technology trends evolving and attack patterns changing, true equilibrium may be impossible to achieve.”

Threat focus areas for organizations include malware, cited by 40% of U.S. respondents, ransomware (33%), firmware hacking (31%), IoT-based attacks (31%), hardware-based attacks (31%) and phishing (30%). The potential damage from an attack can be catastrophic. Among U.S. respondents, cybersecurity incidents had a severe impact at 22% of organizations, and a moderate impact at 43%.

CompTIA believes there are four critical variables that must be considered in balancing the cybersecurity equation. These would include capabilities involving product, people, policy, and process.

CompTIA’s “State of Cybersecurity 2024” report is based on a survey of 1,156 business and IT professionals involved in cybersecurity for organizations in six geographic regions around the world.

Channel Impact^®
CompTIA’s “State of Cybersecurity 2024” examines the tug-of-war between security, progress, and convenience.