CompTIA Newsroom

 

CompTIA Press Releases

New CompTIA report finds steady progress on the cybersecurity front, but balancing act gets tougher for organizations

Sep 19, 2023

“State of Cybersecurity 2024” examines the tug-of-war between security, progress and convenience

DOWNERS GROVE, Ill. – Changing approaches to cybersecurity have led to slow but steady progress in defense and protection, but competing interests create a growing challenge for cybersecurity decision makers and practitioners, new research from CompTIA, the nonprofit association for the technology workforce and industry, reveals.

 A majority of business and technology professionals feel that the overall state of cybersecurity is improving, both generally and within their organizations, according to CompTIA’s “State of Cybersecurity 2024” report. They also acknowledge that the stakes have grown dramatically, with the number of cybercriminals and threats skyrocketing. At the same time, companies are capturing far more data, creating new privacy implications for customers and operational risk for their internal workflows.

“Even small gains in satisfaction are welcome, but there is plenty of room for improvement,” said Seth Robinson, vice president, industry research, CompTIA. “Businesses have begun to consider cybersecurity as a critical function. The next stage requires a multi-faceted approach of processes, policies, people and products.”

Organizations are responding on each of these fronts. Generative artificial intelligence (AI) is viewed as a tool that can help manage the growing complexity of cybersecurity. There is a heightened commitment to workforce education, including training for all staff and support for certification for technical professionals. Risk management and zero trust practices are gaining a larger footprint.

The challenge becomes even greater as organizations go through digital transformation and tie technology initiatives more closely to business success, according to Robinson.

“Excessive cybersecurity measures can hinder overall progress, but if measures are too relaxed, it can lead to serious incidents, resulting in potentially greater negative impacts,” he explained. “This balancing act is a full-time job. With technology trends evolving and attack patterns changing, true equilibrium may be impossible to achieve.”

Threat focus areas for organizations include malware, cited by 40% of U.S. respondents, ransomware (33%), firmware hacking (31%), IoT-based attacks (31%), hardware-based attacks (31%) and phishing (30%).  The potential damage from an attack can be catastrophic. Among U.S. respondents, cybersecurity incidents had a severe impact at 22% of organizations, and a moderate impact at 43%.

CompTIA believes there are four critical variables that must be considered in balancing the cybersecurity equation. The report identifies trends to watch in 2024 in these areas.

Product: Companies see a wide range of likely uses for generative AI in cybersecurity over the next two to three years.

Monitoring network traffic and detecting malware

53%

Analyzing user behavior patterns

50%

Automating response to cybersecurity incidents

48%

Automating configuration of cybersecurity infrastructure

45%

Predicting areas where future breaches may occur

45%

Generating tests of cybersecurity defenses

45%

 

People: By a slim margin, the top challenge facing organizations is a cybersecurity skill gap. To narrow the gap, half of U.S. organizations use internal training to improve cybersecurity skills, with 43% are helping employees pursue certifications to validate their knowledge.

Policy: Risk management is becoming the primary method for assessing the connection between cybersecurity efforts and business operations. Just over half of U.S. firms take a leading approach to identify and manage risks and related spending. Nearly 30% assess risks but do not use a formal risk management framework.

Process: Building cybersecurity processes and integrating cybersecurity into business workflows drives many functional decisions, from evaluating new technologies, to governance, risk and compliance, to workforce education. The general intent of any process, whether direct or indirect, is to align with the principles of a zero-trust framework. Although only 28% of firms identify a zero-trust framework as part of their strategy, more organizations are following individual practices commonly included in a zero-trust approach.

CompTIA’s “State of Cybersecurity 2024” report is based on a survey of 1,156 business and IT professionals involved in cybersecurity for organizations in six geographic regions around the world.[1] The report is available at https://www.comptia.org/content/research/cybersecurity-trends-research.

About CompTIA
The Computing Technology Industry Association (CompTIA) is the world’s leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Each year CompTIA, directly and through its global network of partners, provides millions of people with training, education and certification. To learn more visit https://www.comptia.org/

Media Contact
Steven Ostrowski
CompTIA
sostrowski@comptia.org
630.678.8468



[1] United States, Australia and New Zealand, ASEAN (Brunei Darussalam, Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar Philippines, Singapore, Thailand and Viet Nam), Benelux (Belgium, Netherlands and Luxembourg), DACH (Germany, Austria and Switzerland) and the United Kingdom and Ireland.

View all Press Releases

Media Resource Center

Media Contact

Steve Ostrowski

Senior Director, Corporate Communications
(630) 678 - 8468
sostrowski@comptia.org

Public Sector Media Contact

Roger Hughlett

Director, Corporate Communications
(202) 503 - 3644
rhughlett@comptia.org


Follow Us

Follow us on social media to keep up to date on CompTIA.


Media Library

Download CompTIA logos and assets from our press releases to use in your article or write-up.

Access Now
Media Resources
Press Releases
Subscribe to CompTIA News
CompTIA in the news
Media Library

CompTIA Meetings & Events

CompTIA Year End Planning Meeting (YEPM) 2024 - By Invitation

Scottsdale, Arizona
December 9 - 11, 2024

CompTIA Monthly Solution Provider Member Onboarding - December

Online
Tuesday, December 10 at 11am CT

CompTIA Community December Company Member Meetup

Online
Thursday, December 12, 2024 at 10 AM (CST)/4 PM (GMT)

View all CompTIA Meetings & Events

Fast Facts

  • $2 trillion – Estimated direct economic impact of the U.S. tech industry, representing 8.8% of the national economy.

  • 582,000 – Number of tech business establishments in the U.S.

  • 9.1 million – U.S. net tech employment at the end of 2022.

  • 286,400 – Estimated number of new technology jobs added in the U.S. in 2022.

  • 4.1 million – Number of postings by U.S. employers for tech job openings during 2022.