Where Risk Management and Security Stand One Year into the Pandemic; New Forrester Findings
Firms realize they need to get better at expecting the unexpected, but many haven’t gone far enough to put in the necessary processes in case of another event of this scale.
The pandemic highlighted the rigidity of their supply chains — too long, lean, and geographically concentrated to pivot in response to shifting customer demand.
Priorities have shifted to more operational matters in the SOC and CISOs are now heavily involved in efforts to modernize IT and enable the future of work by helping accelerate the shift in workloads to the cloud.
One year ago, COVID-19 was declared a global health emergency, impacting all sectors virtually overnight. With the pandemic hitting this benchmark, Forrester analysts are available for interviews to discuss how specific sectors have been impacted these past months worldwide, as well as what 2021 will look like as we keep adjusting to this “new normal.”
The below insights explore risk management and security trends:
From Senior Analyst Alla Valente:
“Firms were not prepared for a pandemic. In fact, among the Fortune 50 companies, I believe only one had pandemic listed as a risk in their 10-K.
“The pandemic highlighted the interconnectedness of risk categories and how an unforeseen crisis in one area has a cascading effect across the enterprise.
“Presently, firms realize they need to get better at expecting the unexpected, but many haven’t gone far enough to put in the necessary processes to make a significant impact in case of another event of this scale, partially because they see COVID as a once-in-a-hundred-year flood that won’t come again for another 99 years.
“The pandemic highlighted the rigidity of their supply chains — too long, lean, and geographically concentrated to pivot in response to shifting customer demand. In some cases the need was to scale production (toilet paper, paper towels, household items, cleaners, and web cameras included), but in other cases to pivot to other products or delivery methods (some retailers without an online presence needed to scale quickly).
“Also, vaccine rollout and distribution is still very much dependent on the supply chain (i.e. do we have enough gloves, specific syringes, trained staff to administer?).
“Vaccine rollout gives hope that there is a light at the end of the tunnel, so long as firms understand that there are too many unknowns to set plans in stone. They can plan for reopening, but need to continuously monitor trends, connect with employees to gauge sentiment, and be mindful of how their actions will be perceived in the market (reputational risk).”
From Senior Analyst Paul McKay (based in Europe):
“Security leaders have never been busier during the pandemic. They played their part in enabling the shift to remote work to preserve human safety from the virus and have been absolutely fundamental to the effort to keep business running, without compromising security in the longer run. As we emerged from the immediate crisis, we’ve seen that security leaders are hampered by being asked to do more with less and have to find ways of stretching their budgets to achieve the same or more security goals, all while being fully remote from their teams.
“Last year also saw some security professionals making emergency technology purchases to react swiftly to the emerging crisis. While considered necessary at the time, with budgets and value for money for security being continually challenged, CISOs will want to take a step back and re-evaluate whether these purchases are right in the long term. I expect to see a lot of bonfires of redundant security tools happening, with a continued drive towards vendor consolidation and security simplification efforts.
“Priorities have shifted to more operational matters in the SOC and CISOs are now heavily involved in efforts to modernize IT and enable the future of work by helping accelerate the shift in workloads to the cloud. This has raised interest amongst European security leaders in the Zero Trust model for security, as prior models proved themselves inadequate to the task of securing a remote workforce during and post-pandemic.
“One year on from the start of the pandemic, CISOs are under pressure to deliver value for money for spend, with workforce shortages, hiring freezes and a more distributed and bigger attack surface to defend themselves against. To say they have a big load on their plate would be a classic understatement.
“Looking ahead, security professionals in Europe are going to be focused on enabling a hybrid work model, which will continue many of the trends we saw last year (i.e. acceleration of cloud). We will start to see a return to offices at least domestically later this year, though international travel might be later. This means security professionals will still have the challenges of securing a remote workforce whilst having a population of workers in the office. This makes initiatives to implement a Zero Trust model and to eliminate this trust distinction even more critical.”
To reach out to either analyst or to read more, please visit www.Forrester.com.