Executive Summary: ISG Provider Lens™ Cybersecurity - Solutions and Services - U.S. 2024
The individual quadrant reports are available at:
Sophisticated threats and emerging technologies challenge enterprise growth and resilience objectives
In 2023, several high-profile data breaches and cyberattacks strengthened and drove the growth of the U.S. cybersecurity market. Data breaches in 2023 catapulted to 3,205 compared to 1,802 in 2022, affecting over 353 million individuals through compromises including data breaches, leakage and exposure. The healthcare sector remained the primary target, witnessing more than double the number of data breach incidents compared to 2022, followed closely by the financial services industry, which experienced 744 incidents, a substantial increase.
Subsequently, the U.S. government heightened pressure on businesses to enhance their cybersecurity posture, resulting in several recent regulatory changes that are affecting the market:
SEC Cybersecurity Rule (July 2023): This mandate requires publicly traded companies to disclose cybersecurity incidents within four business days of determining that an incident is material, that is, likely to influence shareholder investment decisions.
FTC Safeguards Rule update (2023): This update broadens the Safeguards Rule’s scope, compelling non-bank financial institutions to report specific data breaches and addressing the security of health, financial and children’s data. Compliance with these updates is critical for covered institutions.
State-level privacy laws: Regulations such as the California Consumer Privacy Act (CCPA) and similar laws in Virginia, Colorado, Utah and Connecticut establish a complex network of compliance requirements that businesses must adhere to depending on their location and the data they gather.
Potential federal data privacy legislation: Momentum is growing for federal data privacy legislation in the U.S. While the specifics remain uncertain, such legislation could profoundly affect how businesses gather, store and utilize consumer data.
The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500): The NYDFS Cybersecurity Regulation establishes cybersecurity standards for financial services firms in New York. It mandates organizations to establish a strong cybersecurity program, appoint a Chief Information Security Officer (CISO), perform risk assessments, enforce access controls and report cybersecurity incidents to the NYDFS.
The U.S. cybersecurity market is dynamic, consistently pushing enterprises to grapple with evolving threats and adapt to novel technologies. These incidents have exposed vulnerabilities in critical infrastructure and software supply chains, requiring CISOs to re-evaluate security strategies and prioritize resilience planning.
ISG has identified the following challenges faced by enterprises in 2023 and early 2024:
Complying with a shifting regulatory landscape (2023-2024): The U.S. regulatory environment is becoming increasingly complex. Recent changes, such as the SEC Cybersecurity Rule, mandating breach disclosure; FTC Safeguards Rule updates (2023), expanding data security requirements; and the potential for a federal data privacy law create a compliance minefield. Keeping up with these changes and ensuring adherence significantly burdens already stretched resources.
Mounting costs and ROI concerns: Boards and stakeholders often view cybersecurity budgets as a cost center. Implementing effective security measures requires significant investment in tools, technologies and personnel. Justifying these expenses with a clear ROI is a constant battle for enterprises. Metrics must go beyond basic security incidents prevented and demonstrate how strong security protects brand reputation, customer trust and, ultimately, business continuity.
Third-party risk management: Enterprises expose themselves to additional security risks by relying on third-party vendors and partners. Managing these risks requires robust vendor risk management programs, adding complexity to the overall security strategy.
Tool and technology consolidation: The proliferation of cybersecurity tools can lead to operational inefficiencies and information silos. Businesses are focusing on tool consolidation and adopting Security Information and Event Management (SIEM) platforms for centralized log management and threat detection.
Technology rationalization: Rationalizing existing security technology stacks to identify and eliminate redundant or outdated tools is becoming a priority. This helps streamline security operations and optimize resource allocation.
The talent gap and the cybersecurity skills shortage: Finding and retaining qualified cybersecurity professionals is a major hurdle for enterprises. The talent pool is not growing fast enough to keep pace with the evolving threat landscape and increasing demand for skilled personnel. This talent shortage creates a bottleneck, hindering the implementation of effective security strategies.
Evolving threat landscape (2023-2024): Cyberattackers are constantly innovating. Recent trends such as the rise of ransomware-as-a-service (RaaS) models, the potential misuse of generative AI (GenAI) for sophisticated phishing attacks and the growing focus on exploiting vulnerabilities in critical infrastructure and software supply chains necessitate continuous adaptation of security strategies. Enterprises need to stay ahead of the curve and anticipate future threats.
Communication and business acumen: Enterprises must translate complex cybersecurity risks and solutions into clear, actionable language for business leaders and boards. Strong communication and business acumen are crucial for gaining buy-in for security investments and ensuring that cybersecurity strategy aligns with overall business objectives.
Prioritization and resource allocation: With limited resources and a vast threat landscape, businesses need to prioritize vulnerabilities and allocate resources effectively. This requires a data-driven approach to risk management, focusing on areas with the highest potential impact in the event of a breach.
Although enterprises face complex and sophisticated threats, the market is responding with specific solutions and services whose potential is growing, including:
Passwordless IAM: Eliminating passwords through multifactor authentication (MFA) and other passwordless methods can significantly reduce the risk of compromised credentials.
Digital forensics and incident response (DFIR): The increasing frequency of cyberattacks drives the demand for robust DFIR capabilities. Investing in DFIR services ensures efficient response and investigation during security incidents.
Cybersecurity insurance: Rising cyberattacks prompt increased adoption of cybersecurity insurance. CISOs need to carefully evaluate insurance policies and ensure adequate coverage for potential breaches.
Quantum computing: While still in its nascent stages, the potential impact of quantum computing on cryptography necessitates a forward-thinking approach. CISOs should explore quantum-safe encryption solutions to prepare for potential future threats.
Risk management: Implementing robust risk management frameworks is crucial for identifying, assessing and mitigating cybersecurity risks. CISOs need to adopt a data-driven approach to risk management, prioritizing vulnerabilities based on potential impact and likelihood.
ISG’s analysis also reveals that enterprises are investing in trending and emerging technologies, including:
GenAI: While GenAI offers exciting possibilities for automation and threat detection, its potential misuse for creating sophisticated phishing attacks or crafting social engineering tactics demands a proactive approach to defense strategies. CISOs need to consider implementing security awareness training programs specifically addressing AI-generated threats.
Zero trust: The growing adoption of zero trust architectures (ZTAs), emphasizing continuous verification, minimizes the attack surface and reduces the impact of breaches. However, managing zero trust implementations adds complexity and requires skilled personnel to configure and maintain effectively.
Automation: Automating routine security tasks and leveraging AI and ML for real-time threat detection and anomaly identification are crucial for improving overall security posture. However, concerns around bias in AI algorithms and the need for skilled personnel to interpret and manage these systems remain challenges.
The cybersecurity landscape presents distinct challenges and priorities for CISOs in large enterprises and SMBs. ISG analysis reveals the differences in approach and challenges between the two groups, which can help service providers align their offerings and capabilities to grow in the U.S. market. The study also reveals that service providers in the quadrants have showcased exceptional portfolios and competitiveness across these areas.
Large enterprises:
ZTA implementation: Large enterprises will prioritize ZTA implementation to move beyond traditional perimeter-based security and minimize the attack surface. This requires significant investment in access controls, identity management and continuous verification processes.
Cloud security expertise: As cloud adoption rises, securing cloud environments remains a top priority for large enterprises. This includes workload protection, data encryption and robust cloud infrastructure security controls.
Advanced threat detection and response (AT&DR): Large enterprises are increasingly vulnerable to sophisticated cyberattacks. Investing in advanced threat detection and response solutions with AI and ML capabilities will be crucial for identifying and neutralizing threats before they escalate.
Third-party risk management: Large enterprises with complex supply chains face significant third-party security risks. Strengthening vendor risk management programs and conducting thorough security assessments of third-party vendors will be a key CISO priority in 2024.
Compliance with evolving regulations: The ever-changing regulatory landscape, with updates to the SEC Cybersecurity Rule and potential federal data privacy legislation, necessitates ongoing compliance efforts. Large enterprises will need dedicated resources to stay abreast of regulatory changes and ensure adherence.
SMBs:
Cost-effective security solutions: Budget constraints are a major concern for SMBs. Finding cost-effective security solutions, such as managed security services (MSS) or cloud-based security offerings, will be a top priority for SMB CISOs. These solutions offer access to expertise and technologies that might be out of reach for in-house teams.
User education and security awareness training: The human element remains a critical vulnerability for SMBs. Prioritizing user education and security awareness training can significantly reduce the risk of phishing attacks and social engineering scams.
Incident response planning and readiness: While large-scale attacks might seem like a distant threat, having a well-defined incident response plan and conducting regular simulations will be crucial for SMBs to recover effectively from any security breach.
Patch management and vulnerability management: Keeping software and systems up to date with the latest security patches is essential for SMBs. Automating patch management processes and prioritizing critical vulnerabilities will help them mitigate common exploits.
Data security and privacy: Even with limited data collection compared to large enterprises, SMBs still handle sensitive customer information. Implementing strong data security practices and ensuring compliance with relevant data privacy regulations are essential for SMB CISOs.
Key differences in priorities:
Focus on advanced technologies: Large enterprises can invest in cutting-edge solutions, such as ZTA and advanced threat detection, while SMBs may prioritize more fundamental security measures.
Budgetary constraints: Cost-effectiveness is a major concern for SMBs, influencing their choice of security solutions.
In-house expertise: Large enterprises have the resources to build dedicated security teams, whereas SMBs often rely on outsourced solutions or limited in-house expertise.
Compliance complexity: Large enterprises face a more complex regulatory landscape with stricter compliance requirements.
Threat landscape focus: Large enterprises are more likely to be targeted by sophisticated attacks, while SMBs may be more vulnerable to common phishing attempts or malware infections.
Notes on quadrant positioning: This study assesses several security services and solution providers that offer similar portfolio attractiveness in most quadrants. This reflects the relative maturity of the market, providers and offerings. It is understood that circumstances vary, and not all entities are equal. The vertical axis positioning in each quadrant reflects ISG’s analysis of how well the offerings align with the full scope of enterprise needs. Readers may also observe similarities in portfolio axis (vertical axis) positioning with providers included in the ISG Provider Lens™ U.S. Public Sector Cybersecurity Solutions and Services study.
As enterprises increasingly rely on cloud applications, remote workforces and interconnected systems, the complexity and sophistication of cyberthreats have escalated. This dynamic environment requires advanced security measures that go beyond traditional perimeter defenses. As cyberthreats continue to grow in sophistication, the adoption of such cutting-edge security measures will be essential for maintaining a strong cybersecurity posture.
The necessity for advanced cybersecurity solutions such as extended detection and response (XDR) and security service edge (SSE) is driven by the evolving threat landscape, increased cloud adoption and the need for comprehensive security frameworks. These innovative platforms address critical challenges faced by enterprises, ensuring resilient and efficient protection of digital assets and business operations.
Some of the existing challenges are listed below:
Complexity in security architectures: Managing disparate security tools and solutions can lead to inefficiencies and gaps in protection, making integrated platforms such as XDR and SSE critical for streamlined operations.
Reactive threat detection and response: Traditional security measures often fail to provide real-time visibility and response capabilities. XDR leverages advanced analytics and automation to detect, investigate and respond to threats across various endpoints.
Lax data privacy and governance: Ensuring data privacy and governance in a decentralized IT environment is challenging. SSE offers centralized security policies and governance frameworks to manage data protection effectively.
Lack of scalability and performance: As organizations grow, their security solutions must scale accordingly without compromising IT or business operational performance. XDR and SSE are designed to provide scalable, high-performance security across expansive and evolving IT landscapes.
Poor user experience: Balancing robust security with a seamless user experience is essential. Enterprises require innovative solutions designed to be minimally intrusive while maximizing protection and security posture.
Extended detection and response (XDR) trends
The XDR market is witnessing various innovative trends to improve threat detection, response and the overall security posture. XDR solutions are gaining traction due to their ability to collect and correlate data across multiple security layers, including emails, endpoints, servers, cloud workloads and networks, providing a multifaceted view of the organization’s security posture.
The key trends in the XDR space are listed below:
Integration of AI and ML: One of the latest trends in XDR is the integration of AI and ML algorithms to enhance threat detection and response capabilities. These advanced technologies enable XDR platforms to identify complex threats, predict potential attacks and automate response actions, thereby reducing the burden on security teams.
Convergence with other security solutions: Another emerging trend is the convergence of XDR with other security solutions such as security information and event management (SIEM) and security orchestration, automation and response (SOAR). This convergence creates a unified security architecture, improving threat visibility, detection and response times while streamlining security operations.
Threat intelligence integration: XDR platforms increasingly integrate with threat intelligence feeds to enhance threat detection and response. Combining internal security data with external threat intelligence allows XDR solutions to provide contextual insights into potential threats. This helps security teams to make informed decisions and prioritize their response efforts.
XDR for cloud and SaaS environments: As organizations continue to adopt cloud and SaaS applications, XDR solutions are expanding their coverage to include these environments. Cloud-native XDR platforms can monitor and secure cloud workloads, containers and serverless applications while providing visibility on SaaS application usage and potential risks.
Threat and compromise detection capabilities: XDR solutions incorporate user and entity behavior analytics (UEBA) capabilities to detect insider threats and account compromises. UEBA uses ML algorithms to analyze user behavior patterns and identify anomalies that could indicate malicious activity, helping organizations detect and respond to threats that might otherwise go unnoticed.
XDR enhancing security for ICS and OT environments: As the threat landscape for industrial control systems (ICS) and OT environments continues to evolve, security experts are tailoring XDR solutions to address these systems’ unique security challenges. XDR for ICS and OT can monitor and analyze data from specialized industrial control systems, detecting threats early and enabling rapid response to minimize potential damage.
Compliance and regulatory support: With the increasing focus on data privacy and security regulations, organizations are enhancing XDR solutions to meet compliance requirements.
Enterprises are navigating a dynamic landscape characterized by increased adoption of cloud environments and evolving cyberthreats, necessitating security solutions that are scalable, flexible and robust. SSE solutions address these challenges by providing centralized visibility, advanced threat detection powered by AI and ML and seamless policy enforcement across all endpoints. By adopting SSE, organizations can ensure secure access to applications and data from any location, maintain compliance with regulatory standards and safeguard against data breaches and insider threats, thereby supporting business continuity and resilience in the face of a constantly changing threat landscape.
Challenges addressed by SSE solutions are listed below:
Security of cloud applications: The proliferation of cloud services creates security complexities. SSE centralizes security policies and enforces consistent access control across all cloud applications.
Remote workforce security: With more employees working remotely, traditional perimeter-based security models become less effective. SSE provides secure access to cloud applications from any location, regardless of the device.
Data loss prevention (DLP): Data breaches and leaks are major concerns. SSE helps prevent sensitive data from being exfiltrated by enforcing DLP policies and data encryption across cloud services.
Shadow IT: Employees often use unsanctioned cloud applications. SSE provides visibility into shadow IT usage and allows for secure access control even for unapproved applications.
Complexity of security management: Managing multiple security point solutions can be complex and time-consuming. SSE offers a unified platform for managing security policies across all cloud applications.
The SSE market is experiencing significant growth due to the increasing adoption of cloud applications, remote workforces and the need for a consolidated security approach.
Key trends shaping the market are listed below:
Cloud-native architectures: As businesses migrate to cloud environments, they adopt cloud-native security solutions that scale with workloads and support dynamic, distributed setups.
Convergence of security and networking: There is a growing trend to integrate networking and security functions into a single platform, streamlining operations and reducing the complexity of managing security and network performance.
Integration of SWGs and CASBs: Secure web gateways (SWGs) and cloud access security brokers (CASBs) are converging into comprehensive SSE solutions, providing unified threat protection, DLP and access control for cloud services.
Emphasis on zero trust security: SSE solutions are increasingly incorporating zero trust principles, granting access based on least privilege and continuous verification, enhancing security by minimizing the attack surface and lateral movement within the network.
SASE adoption: SSE is a foundational element of secure access service edge (SASE) architectures, which integrate network security and cloud access security into a unified cloud-delivered service.
AI and ML integration: SSE solutions leverage AI and ML to automate threat detection, improve anomaly identification and personalize security policies based on user behavior.
Focus on user experience: Balancing security with UX is crucial. SSE solutions are designed to be transparent to users, ensuring minimal disruption to their workflow while maintaining robust security.
Unified management consoles: There is a trend toward developing unified management interfaces that consolidate various security functions into a single dashboard, simplifying administration and providing a holistic view of the security landscape.
User and entity behavior analytics (UEBA): UEBA tools analyze the behavior of users and entities to identify potential security threats. By establishing baselines and detecting deviations, UEBA helps identify anomalous activities.
Identity-centric security: Emphasis on identity and access management (IAM) is becoming central to security strategies, ensuring that only authenticated and authorized users can access resources.
As businesses prioritize robust cybersecurity and navigate the complexities of the digital environment, the demand for innovative solutions such as XDR and SSE will be at the forefront of safeguarding their digital assets. As cyberthreats become more sophisticated and businesses rely increasingly on cloud services, XDR and SSE will be crucial in safeguarding enterprise security.
Access to the full report requires a subscription to ISG Research. Please contact us for subscription inquiries.