A key finding from Cisco’s recently released CISO survey indicated that reducing network complexity is a top priority. CISOs are electing to embark on vendor consolidation, with 86 percent now using 20 vendors or fewer.
Network complexity is a key determinant of good or poor cyber governance, but it is not just a byproduct of decisions made by the CISO. First and foremost, it is a result of business strategy choices made by C-suites in pursuit of growth and cost savings, including:
- M&A activity — a common strategy in sectors with poor cybersecurity scores, such as healthcare, and the source of high-profile recent breaches, such as Marriott (with vulnerabilities inherited from the Starwood acquisition).
- Digital transformation initiatives—popular strategies deployed across all sectors, from banking and utilities to energy and consumer discretionary, for the purposes of increasing revenue and controlling costs. The introduction of new digital tools, sensors, and applications greatly increases network complexity and the resources required to effectively secure them.
The introduction of smart meters, new shopping apps, digital banking tools, or the purchase of a smaller niche competitor all have immediate implications for a company’s cyber posture. Strategy discussions involving technology should highlight security as much as growth and cost considerations, not just for the CISO but across the board and C-suite.
A failure to do so will ultimately put operations, profitability, and the brand at risk. This is also why investors are right to ask companies probing questions about what steps are being taken to reduce complexity as part of better cyber governance.