June 6, 2023

Henrique Teixeira, Senior Director Analyst at Gartner, and Leigh McMullen, Distinguished VP Analyst at Gartner, highlighted and disproved four beliefs that undermine the value of cybersecurity for organizations and make security programs less successful during the Gartner Security & Risk Management Summit.

The first misconception is that more data equals greater cybersecurity. However, depending entirely on data analysis to reduce risk is impracticable. Instead, it is advised to focus on the bare minimum of information required to show a link between cybersecurity financing and vulnerability resolved.

The second myth is that more technology gives better security. Despite greater spending on security products, executives continue to feel vulnerable. Adopting a basic toolkit approach can help to streamline cybersecurity architecture, decrease complexity, and maximize the value of technological investments.

The third myth is that more cybersecurity personnel equals greater security. There is a talent scarcity in the sector due to the increased demand for talent. It is advocated to address this gap by democratizing cybersecurity expertise and establishing cyber judgment among business technologists.

The fourth myth is that more restrictions increase security. Adding more restrictions in response to unsafe employee conduct might be counterproductive. restrictions that are evaded can be worse than no restrictions since they generate extra friction and encourage insecure behavior.

The sources for this piece include an article in Gartner.