People Versus Process Versus Technology: Finding and Fixing the Root Cause of Cybersecurity Shortcomings

This IDC Perspective discusses strategies to assess the root causes of cybersecurity failures from an organizational perspective. Measured in terms of data like the average frequency and cost of attacks, cybersecurity outcomes are bad and growing worse for the typical organization. To turn this trend around, businesses must determine what the root causes of their cybersecurity shortcomings are.By assessing the state of cybersecurity resources and investments across the three classic categories of people, processes, and technologies, organizations can gain actionable insight into where their weaknesses lie. From there, they can make changes that measurably improve cybersecurity outcomes - instead of dumping more money into areas where cybersecurity resources are already adequate, or making changes that demand more time and effort from cybersecurity personnel but don't meaningfully improve cybersecurity posture."Improving cybersecurity risk posture requires knowing where your greatest weaknesses lie - whether they're your people, your processes, your technology, or a combination thereof," says Chris Tozzi, adjunct research advisor for IDC's IT Executive Programs (IEP).