San Francisco ― The RSA Conference ― AT&T and WillJam Ventures, through their joint venture, unveiled their initial findings in the 2024 LevelBlue Futures Report: Cyber Resilience at the RSAC Conference on Tuesday. This announcement came just a day after the official launch of their new company.
LevelBlue, a new standalone managed cybersecurity services business, officially launched on May 6 at the RSAC. Formed through a joint venture between AT&T and WillJam Ventures, an investor with substantial experience in the cybersecurity sector, LevelBlue starts with a robust global workforce of over 1,000 employees. AT&T holds a minority ownership stake in the venture and retains representation on the board.
The research presented at the RSAC Conference reveals that businesses often adopt varied approaches to cybersecurity resilience, face entrenched obstacles, and encounter varying levels of engagement from senior executives on issues of cyber resilience. Notably, while 85% of survey participants perceive that advances in computing technology are escalating risks, 74% acknowledge that the benefits of these innovations surpass the increased cybersecurity risks involved.
Furthermore, the study highlighted that less than half (47%) of the survey respondents reported having standardized cybersecurity processes, and only 35% have formalized incident response plans in place. Additionally, 61% of respondents indicated that there is a significant lack of understanding about cybersecurity at the board level, suggesting a gap in strategic oversight that could impact organizational resilience.
Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity/LevelBlue, expressed concern in a written statement, saying, “Businesses are less resilient than they should be, despite multiple high-profile cyberattacks and the recognition that any widespread interruption to computing would be catastrophic for most. Our research indicates that although cybersecurity can facilitate safer innovation and thereby yield better outcomes, most respondents admit that their cybersecurity efforts are either siloed or treated as an afterthought.”
Lanowitz emphasized the importance of viewing cybersecurity as a fundamental business function and adopting a proactive approach to risk management. She noted, “By recognizing cybersecurity as integral to business operations and prioritizing proactive risk management, businesses can adeptly handle the complexities of dynamic, boundaryless computing environments.”
Additional key findings from the report revealed several critical insights into organizational attitudes toward cybersecurity:
- Leadership and Governance: 63% of respondents reported that their leadership does not prioritize cyber resilience, while 72% indicated that their governance teams lack a thorough understanding of it.
- Visibility and Digital Transformation: 56% of participants have limited visibility into their IT estate, complicating their cybersecurity efforts. Additionally, 72% view ongoing digital transformation initiatives as barriers to achieving cybersecurity resilience.
- Outsourcing Cybersecurity: The adoption of Cybersecurity-as-a-Service (CSaaS) is increasing, with 32% of organizations choosing to outsource their cybersecurity needs to handle complexities better and focus on core business functions.
- DDoS and Nation-State Attacks: 40% of respondents recognize distributed denial-of-service (DDoS) attacks as a likely threat, yet an equal percentage lack confidence in their ability to manage such attacks. Moreover, 42% express concerns about their capacity to handle nation-state cyberattacks, citing risks to critical infrastructure and the potential for public distrust and espionage.
- Budgeting and Compliance: 77% of surveyed entities acknowledged that their cybersecurity budgets are reactive, not proactive, with 46% stating that compliance requirements are most likely to drive budget decisions.
- Measuring Impact: A significant 78% of respondents believe that the traditional method of measuring cybersecurity investments through return on investment (ROI) is outdated, suggesting a need for new metrics to assess the effectiveness and value of cybersecurity initiatives.
To best achieve cyber resilience, the LevelBlue Futures Report recommends the following steps:
- Identify the barriers to cyber resilience: Pinpoint internal and external challenges that impede effective security measures.
- Be secure by design: Ensure that cybersecurity features are integral from the early stages of product and service development.
- Align cyber investment with business: Ensure that cybersecurity investments are aligned with overall business objectives to enhance efficacy and resource allocation.
- Build a support ecosystem: Include both internal stakeholders and external partners to foster a comprehensive security network.
- Transform cybersecurity strategies: Continuously adapt cybersecurity strategies to respond to evolving threats and technologies.
Bob McCullen, Chairman and CEO of LevelBlue, commented on the launch of the LevelBlue Futures Report, stating, “The release of this report is a testament to our commitment to provide the latest research to the industry. It aims to help organizations better prepare for cyberattacks, allocate IT budgets more efficiently, and ultimately achieve greater cyber resilience. We are excited to continue offering forward-looking, vendor-neutral industry research that informs our customers and shapes the future of the industry.”