IDC predicts that by 2025, 45% of CEOs, fatigued by security spending without predictable ROI, will demand security metrics and results measurement to assess and validate investments made in their Security programs.
The move towards the digital-first era, where digital models are leveraged for better productivity, growth, and financial gains, has caused organisations in the region to take a more strategic approach towards security.
Slowly, digital trust is becoming an underlying theme of all digital engagements, and with it, its implications, such as data security, privacy, and sovereignty, risk mitigation, transparency, and even environmental, social, and governance (ESG).
“Asia/Pacific organisations understand the importance of gaining digital trust from consumers and partners. The goal is to digitally transform themselves and create greater confidence in security, safety, privacy, and reliability throughout the business ecosystem,” says Christian Fam, research manager for security and trust research, IDC Asia/Pacific.
He adds that Asia/Pacific organisations understand that cybersecurity continues to be a key pillar to gaining a competitive advantage in this digital-first world.
Top 10 Future of Security & Trust predictions
#1: Autonomous SOC: By 2026, 25% of large enterprise organisations will migrate to autonomous security operations centres accessed by distributed teams for faster remediation, incident management, and response.
#2: PbD privacy engineer: By 2025, 20% of organisations will employ privacy engineers to operationalise Privacy by Design principles into IT systems, processes, and product development strategies.
#3: Confidential computing: By 2025, 15% of heavily regulated organisations will adopt Confidential Computing technologies to combine and enrich sensitive data critical to multiparty compute applications while preserving privacy.
#4: Data sovereignty controls: By the end of 2025, 40% of major enterprises will mandate data sovereignty controls from their cloud service providers to adhere to data protection and privacy regulatory requirements.
#5: CaaS: By 2026, driven by steep regulatory growth, talent gap and cost efficiencies measures, 25% of organisations will invest in compliance-as-a-service offerings to meet their regulatory mandates.
#6: Continuous risk assessment: By 2027, 45% of Asia-based 2000 companies will adopt continuous risk assessments over annual security audits, leveraging service providers to limit the burden of policies, practices, and technical debt.
#7: Cyber risk scoring: By 2025, the SEC will publish the standards for cyber risk scoring, and publicly traded companies will be required to update and report this score on an annual basis.
#8: ESG metrics: By 2025, 20% of organisations will advance their ESG metrics and data management beyond reporting capabilities to generate sustainably driven cost and competitive advantages.
#9: ESG management software: By 2026, 45% of large enterprise firms will implement purpose-specific ESG data management & reporting software as a response to emerging legislation and increased stakeholder expectations.
#10: CEO security metrics: By 2025, 45% of CEOs, fatigued by security spending without predictable ROI, will demand security metrics and results measurement to assess and validate investments made in their Security programs.
