All Research
Advisory Note
KuppingerCole Maturity Level Matrices cover the major market segments within cyber security. This matrix aligns with the processes essential to good cyber hygiene as well as the NIST cybersecurity framework. It provides the foundation for rating the current state of your cyber security projects and programs.

1 Introduction / Executive Summary

Organizations are critically dependent upon IT services and are therefore vulnerable to cyber security incidents. This report provides a tool to evaluate the maturity of your organization’s cyber security to defend against and recover from cyber incidents.

Organizations have moved from using IT services that are exclusively delivered by equipment on-premises to a mixture of delivery models that include cloud services. The need for digital business transformation to provide greater flexibility as well as cost reduction has driven this move to a hybrid IT environment. At the same time cyber risks have increased with cyber criminals and nation states using cyber-attacks to blackmail organizations and disrupt society. Furthermore, the change in how IT services are delivered brings with it increased challenges of management, compliance, and security. This makes it essential to continuously review and update your cyber security posture, processes, and tools.

There are three main cyber security related business risks: loss of business continuity, compromise of business data, including fraud, and compliance failure. Cyber security processes and technology address these risks. Business continuity risks from ransomware, Distributed Denial of Service (DDoS) attacks, as well as simple system failures and natural disasters have increased as businesses have gone digital. Data is the most valuable asset of the modern digital business and theft of intellectual property as well as personal data breaches can be expensive. Organizations must comply with more regulations and laws and cyber failures put their obligations under these at risk.

In addition, technological advances such as the increasing use of Generative Artificial Intelligence (AI) and Machine Learning create additional dependencies and cyber risks. Regulations now identify risks to data during processing by third parties and approaches such as pseudonymization must be considered. Quantum computing advances pose a threat to today’s widely used encryption technologies and organizations need to plan a transition to quantum safe encryption.

Cyber security encompasses a wide range of processes and technologies that are intended to address these risks. They help to ensure good “cyber hygiene” by identifying the assets that are at risk, removing weaknesses, protecting against misuse, detecting threats and risky behaviors as well as recovering from cyber-attacks. Traditional cyber security tools ranging from anti-malware to identity and access management are readily available and can help to reduce these risks if they are used effectively.

While major Cloud Service Providers (CSPs) go to great lengths to secure the services that they provide, it is up to the cloud service customers to secure how they use these services. The responsibility for security and compliance is shared between the cloud customer and the CSP. There are now many tools on the market in tools intended to help organizations to manage the new risks. Organizations need to exploit these new tools to provide consistent cyber security governance across the hybrid IT estate.

All these factors make it important for organizations to continuously review and update their cyber security approach.

Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Get premium access
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use