Chief information security officers suffer from unrealistic expectations — their own and others’ — about what cybersecurity tools can do and are burning out as a result, says a new report out Monday.
The report, from the Institute for Critical Infrastructure Technology, calls the syndrome “solution overload,” and says it’s the result of overly high expectations from the C-suite and the “overabundance of vendor solutions.”
“Some CISOs claim that annually they may hear hundreds of company pitches for security tools and solutions,” says the report, noting that this is in part driven by a market crowded with new startups brimming with venture capitalists’ cash.
The report cites statistics that over the past five years, VCs and other investors “funded approximately 1208 private cybersecurity startups with over $7.3 billion.”
With each company trying to aggressively make its mark, the tendency is to “over-promise and under-deliver on their proposal by offering unreliable silver bullet solutions.”
Such fake solutions “undermine the community at large and poisons the vendor-customer relationship,” as well as distracting “CISOs, technical personnel, and solution developers from the risks and threats in the threat landscape and distract[ing vendors] from designing the right solutions to address the market.”