IDC FutureScape: Worldwide Future of Trust 2021 Predictions
FIGURE 1
Note: Marker number refers only to the order the prediction appears in the document and does not indicate rank or importance,
unless otherwise noted in the Executive Summary.
In last year's security and trust predictions, the era of transformation was the prominent theme. That
theme is punctuated again in this year's predictions as COVID-19 exposed frailties in legacy
approaches (and thinking) and spurred organizations to recalibrate and accelerate their digital
transformations (DX). This is clearly evident in the security risks that the sudden and massive
migration to work-from-home (WFH) arrangements has highlighted and in the new normal of delivering
customer value under the construct of social distancing.
Distinctive in this year's predictions is heightened focus on what digital transformation will entail in how
security is conducted and how stakeholders' trust expectations are expanding from the notion of
merely securing data and assets to a telescoping responsibility in protecting employees, partners, and
customers and increasing business value through trust.
More concretely, ecosystem-rich, cross-technology platforms will become the principal source of
security capabilities. Rather than IT security teams stitching together capabilities from numerous
vendors and service providers (SPs) across multiple established and next-stage technologies,
platforms with expertise built-in will dissolve complexity and eliminate minimum-value/high-effort
security tasks so organizations can focus more on security serving strategic goals than managing the
endless effort of security.
In trust, organizations will be pulled by regulations and industry pressure to advance their
demonstrations of trustworthiness. But not all organizations will solely be pulled. The more enlightened will
be fervent advocates of demonstrating trust, weave their advocacy into their organizational fabric,
expect the same of their strategic partners, and support and sponsor promising technologies that
institutionalize trust.
Within this document are IDC's top 10 predictions on the future of trust and advice to assist
organizations in navigating the changes ahead. Those predictions are:
Prediction 1: By 2022, budgets for modern software-defined secure access solutions will
quadruple as flaws in legacy VPN remote access solutions are illuminated by the massive
work-from-home migration.
Prediction 2: By 2023, to reduce security complexity faced by limited staff, 55% of enterprise
security investments will be on unified ecosystem and platform frameworks.
Prediction 3: By 2024, two of the three largest public cloud providers will be among the top 5
largest managed security services providers following multiple multibillion-dollar acquisitions.
Prediction 4: By 2025, 80% of chief trust officers will demand vendors to incorporate security
and risk capabilities to measure corporate trust including vendor relationships and employee
reputation.
Prediction 5: By 2023, collective risk management requirements between primary and third
parties will force 50% of third-party risk and security service providers to employ advanced
analytic tools.
Prediction 6: By 2023, privacy regulations in 50% of G20 countries will require that social
media providers provide the option to delete content and data about children under age 16 as
they become "of age."
Prediction 7: By 2021, 40% of organizations will leverage employee productivity software to
monitor and improve the digital workflows of their full-time, work-from-home employees.
"Organizations' futures are built on trust and that is evident in IDC's top 10 future of trust predictions,"
according to Michael Suby, IDC research vice president, Security and Trust. He adds, "Leveraging
available security capabilities effectively, adhering to privacy and data protection regulations as a
general course of operations, and stringently following a governance model that extends to business
partners and suppliers will become integral to uplifting trust as a means of competitive differentiation."
However, the work-from-home trend also highlighted the limitations of legacy remote access
technologies as IT teams toiled for long days, late nights, and weekends to install VPN software on
user devices and expand VPN capacity in the network. These challenges drove awareness of the need
Prior to COVID-19, IDC considered the adoption of SDSA solutions to be inevitable but occurring as a
gradual transition. VPN was born in a day when business applications lived behind a firewall and the
threat to enterprise data from cybermiscreants was less acute. Digital transformation trends would
gradually reveal the technical and operational limitations of VPN technologies at a pace that would
allow decision makers to adopt SDSA in limited use cases and expand adoption when possible.
However, the pandemic has decidedly accelerated the transition to SDSA solutions.
Associated Drivers
The next normal — Resilient business and operating models
Digital divide — The imperative of connectivity
IT Impact
Limitless, unfettered access to network resources violates the tenets of least privileged access
and zero trust. The migration to SDSA provides the opportunity to correctly implement a fine-
grained application-specific and identity-based approach to remote access.
Applications are migrating away from centralized datacenters to the edge including SaaS,
PaaS, and IaaS. IT must reconsider the relevance of VPN in an age where data lives
everywhere and ubiquitous, location-agnostic delivery is a top business priority.
VPN is the second-largest source of help desk calls in an era when enterprise users are
demanding IT experiences in the workplace to be as good as or better than the experiences they
have in their private consumer lives. Implementation of emerging technology may be fraught
with short-term challenges but offers long-term benefits and improvements.
Guidance
Enterprises rely on a mix of applications including legacy applications. These applications vary
widely in terms of underlying infrastructure, business criticality, users, and risk. Secure remote
access is not approachable as a monolith. Evaluation, selection, and implementation of SDSA
technologies must factor in application-specific characteristics as much as possible.
IT managers will need to create pan-organization work teams to fundamentally reengineer the
manner in which remote users engage with applications to simultaneously deliver on favorable
user experiences and overcome security.
SDSA may offer the ability to inject threat detection and prevention capabilities into the remote
access process or the architecture itself. This raises the possibility that the SDSA market will
continue to morph in the coming years, as the broader trend in the security industry is toward
consolidation.
Prediction 2: By 2023, to Reduce Security Complexity Faced by Limited Staff,
55% of Enterprise Security Investments Will Be on Unified Ecosystem and
Platform Frameworks
Cybersecurity practitioners have continually added security vendors and tools to their inventory over
the past eight years. With this rising inventory, the enemy of security, operational complexity,
increased. In parallel, organizational IT environments were expanding as a growing number of
companies embraced digital transformation strategies and added new tools, services, and solutions
inside and outside of the security perimeter. In 2020, practitioners sought to address this complexity
The core of security operations — cybersecurity analytics, intelligence, response, and orchestration — is
where three powerful forces are colliding. The first is DX scrambling traditional workflows. The second is
the ongoing shortage of security operations center analysts, and the global demand for analysts is only
likely to accelerate. Naturally, the last dynamic is the COVID-19 pandemic. The effects from the
coronavirus are myriad, but there is a practical, human toll that occurs in IT/SecOps; that is to say that
IT operations were a much more collaborative effort than thought of at first blush. For example, newly
acquired security systems require training and professional deployment. Another example is RESTful
APIs. While these APIs make it possible to link IT and security stacks, capable personnel is still
necessary to write and maintain scripts to tie APIs into business context.
Enterprises are acutely aware of these dynamics. Best-of-breed security point products will always
have an allure; however, with each new security component, comes additional training, dashboards
and, worse yet, more noise. Enterprises are splitting their attention in two different directions. The first
is toward large security organizations (including security service providers) that create and foster
relationships with smaller security vendors. Practical examples of this include Symantec's (Broadcom)
technology Integration Partner Ecosystem, Cisco Security Technical Alliance, and even the Splunk
AppStore or AWS Security Competency Partners Network that insist on strong integration
requirements from participating application providers. The second direction is enterprises increasing
their spending on turnkey multiproduct platforms, such as the Fortinet Security Fabric or Check Point
Infinity platforms. The reasoning is that the time to retrain analysts on singular platforms is significantly
less than over multiple point products.
Associated Drivers
Strategic innovation — Shaping the future enterprise today
Digital platform — Ecosystems at scale
IT Impact
No one vendor can address all security needs. Incompatibility of tools makes product selection
a nontrivial task. True integration is not just about being standards compliant or having an API
but owning the responsibility for the interoperability of APIs on behalf of the client, which drives
the need for platform-focused vendor decisions.
IT managers will be forced to extend the security planning horizon beyond the current 12-
month horizon to three to five years to avoid suffering from integration challenges in the future.
These integration challenges contribute to expensive product replacement decisions or high
professional services dollars to solve.
IT organizations must immediately prioritize remediation efforts to address the backlog of
technical debt incurred as a result of hasty digital transformation brought on by the onset of
remote work during 2020 with COVID-19. This will include architectural design, quality and
security analysis, and review.
Ecosystem-focused security investments' collateral impact will be recognized through
simplification of procurement, benchmarks, and baselines unification across ecosystem under
the single framework and additional flexibility from switching between externally and internally
managed solutions in the stack within one ecosystem.
Prior to the pandemic, there was already a shift underway of moving workloads to public and private
clouds. Organizations have been shifting workloads between on-premises and private clouds while still
maintaining workloads across all three environments (on premises, public cloud, and private cloud).
With the pandemic, the need to adopt more services from cloud providers has increased, especially as
organizations remained longer in WFH arrangements. Demonstrating this increase, 90% of
respondents in IDC's U.S. Managed Security Services (MSS)/Managed Detection and Response
(MDR) Survey indicated that they would utilize one of their top cloud hosting providers if they
offered an MDR service. Moreover, the adoption of cloud services has accelerated organizations'
digital transformation projects as the need to service remote workforces with seamless access to
corporate resources has grown.
With the growing adoption of cloud and managed security services, organizations will continue to fuel
opportunities for cloud providers to offer more security services. In addition, with the surge in
digitization, the need to secure critical data and applications in the cloud will push cloud providers to
offer additional services. In IDC's 2Q20 Cloud Pulse Survey, respondents named the three largest
cloud services providers as their most trusted partners in helping them adapt to changing business
conditions. As customers increase the number of applications in cloud environments, they
will spend more on security solutions. While cloud providers such as Microsoft and Google have been
partners with a number of managed security SPs, their offerings in security services are expected to grow
rapidly over the next few years. The amount of R&D spending that these firms have available is vast,
giving them the ability to spin up their own offerings to the market if given enough time.
Today, IDC defines the future of trust as comprising five core elements: risk, security, compliance,
privacy, and ethics and social responsibility (see The Future of Trust: Mitigating Risk and Creating
Value (eBook), IDC #US46533320, June 2020). According to IDC's 2019 CEO Survey, digital trust
programs are the most important agenda item in the next five years. With the impact of a global
pandemic in the rearview mirror, digital trust will remain a critical focus. By 2025, two-thirds of the
A new C-suite role will emerge called the chief trust officer (CTrO) combining legal overview and
enforcement responsibilities. This officer will be tasked with measuring corporate trust across the five
key areas mentioned previously. Five years from now, this role will be fully instantiated and 80% of
these officers will demand that their suppliers demonstrate corporate trust in their internal and
extended ecosystems. This will require cognitive and behavioral technologies to analyze vast
quantities of data and to augment human decision making as well as pervasive controls across all
aspects of the digital business.
Associated Drivers
Intelligence everywhere — Data drives action
Digital platform — Ecosystems at scale
Crisis of trust — Meeting rising expectations
IT Impact
As 5G escalates to full-blown potential creating a further hyperscale, sensor-driven world,
pervasive risk controls will be key. These controls will measure the five elements of trust of the
master organization as well as its extended ecosystem (refer to prediction number 5).
Technologies such as machine learning (ML), artificial intelligence (AI), deep learning, and
predictive analytics will seek to ingest disparate telemetry from a wide range of sources and
then deduplicate and contextualize the data for analysis. Visibility will be inconsistent and
limited at first, giving rise to increased security vulnerabilities, reduced privacy control, and
escalated risk.
As vendors create tools to manage the sheer volume of trust components, some will
necessarily improve algorithms to mine data and enhance user interfaces. Platforms will come
on the scene for access, control, and response to vulnerabilities including and beyond security
to privacy, risk, compliance, and technology for social good.
One impact that will include but go beyond IT will be the need to be proactive — not reactive —
in the technology for social good area. Failure to be proactive will have negative brand and
material financial impact.
Guidance
Early adopters of trust doctrines should invest in start-up capabilities for the development of
cognitive and advanced analytics in this arena.
CTrOs should seek to include a broad set of stakeholders from technical (IT) to line of
business and legal/HR.
Service providers must educate customers on the negative impact that destroyed (or at best,
immature) trust can bring to the brand. Work with clients and partners to build out scenarios
and data sets to illustrate brand improvement when trust analytics and metrics are employed.
Prediction 5: By 2023, Collective Risk Management Requirements Between
Primary and Third Parties Will Force 50% of Third-Party Risk and Security
Service Providers to Employ Advanced Analytic Tools
Let's face it, the days of the third-party audit for due diligence have been numbered ever since the
Target breach highlighted just how porous external connections can be. As the enterprise engages
with an increasingly large number of external stakeholders — including, but certainly not limited to,
Our IT environments are too dynamic for an audit to help, especially since the pandemic makes any in-
person audits unlikely for the foreseeable future. For example, multiple waves of IDC's COVID-19
Impact Surveys have revealed a high percentage of respondents (close to 60%) that indicate their
operating and business models will need to be digitally enabled and extended to include new
ecosystems as a result of the COVID-19 pandemic. Indeed, many organizations are operating "at risk"
with rapidly onboarded suppliers or a high volume of third parties with access to critical or sensitive
information without due process assessment of them due to travel restrictions. The pandemic has put
many third-party risk management (TPRM) programs under a serious test, and it proves that many of
the TPRM programs need a revamp.
It's time for organizations to adopt and adapt to continuous audits driven by instrumentation of the IT
environment to collect ongoing data for analytics. As organizations get smarter about how risk is
impacted by activity and architecture, they continue to build out their security posture as a function of a
broader trusted ecosystem. We expect organizations to begin with a standard set of risk
measurements (key risk indicators [KRIs]) and continue to integrate an understanding of how
connectivity affects risk. In addition, organizations will extend TPRM discussions to include
discussions of supply chain redesign and adoption of advanced analytics tools and automation taking
considerations of sourcing materials, data, privacy, remote/offshore, service levels, cyber-risks, and so
forth.
Associated Drivers
Strategic innovation — Shaping the future enterprise today
Intelligence everywhere — Data drives action
Crisis of trust — Meeting rising expectations
IT Impact
The future of the digital enterprise will necessitate collective risk management practices
between primary and third parties, and system and security transparency will be compulsory to
engage in partnership.
IT managers will be forced to comply with third-party risk and security assessments and be
able to demonstrate remediation of noncompliance. Compliance will be a compulsory part of
doing business, and ML and AI will be employed to validate against agreed-upon SLAs,
metrics, and so forth.
Countries that today do not have compulsory breach notification will add an SLA for timely
community notification to their ecosystem partners.
The requests will first be considered best practice but will evolve to be required as boards of
directors begin to request increasingly comprehensive risk assessments.
Guidance
Periodically assess the effectiveness of TPRM, especially leveraging services, to provide a
benchmark to assess maturity of your organization versus peers.
Streamline operational processes, and determine which functions can be highly automated
and which functions can be taken as managed services from a trustworthy provider.
Recognizing that social media activity at younger years is not an indication of how that same individual
has matured in later years will cause lawmakers and regulators to dictate that social media providers
set up the mechanisms to allow for the deletion of their activity prior to turning 16 years old. For
example, it was as long ago as 2013 that the United Kingdom's first Youth Police and Crime
Commissioner, then aged 17, felt compelled to resign after just six days in post due to messages
posted on Twitter dating back to when she was 14. But was this a fair reflection on her ability to
conduct the role?
The mechanisms to facilitate deletion that need to be put in place will be similar to those that had to be
put in place to account for the regulation in Article 17 of the EU's General Data Protection Regulation
(GDPR) and have more recently had to be put into place to address the California Consumer Privacy Act
(CCPA) that went into effect on January 1, 2020.
Associated Drivers
Geopolitical risk — Societal and economic tensions escalate
Crisis of trust — Meeting rising expectations
IT Impact
One of the heaviest lifts in removing information about any individuals — let alone a sensitive
group such as minors — is locating where this data is stored. In addition to the "live" data, there
are further implications around backups. Removing data from live systems is much easier than
backups. Clarification around air-gapped backups will be a stumbling block.
The "trust but verify" principle will play heavily here, especially as data leaks begin to show a
lack of compliance, which, in turn, forces outside audits to be performed.
Helicopter parents may drive a demand for an archived export of prior activity. Monetizing this
capability can help offset the increased cost of purging the information that was stored on
minor children. But this must acknowledge regulatory requirements, where, for example, the
EU's GDPR enshrines the "right to be forgotten" (RTBF).
Guidance
There may not be a "one size fits all" regulation that is accepted. Forward-looking
organizations will need to account for various regulations across nations and industries that
may allow for rights, ranging from individual post deletions to the entire wiping of a child's
online activity.
Historically, many office workers have been within a quick walk or a quick glance of their managers
and could be easily monitored both visually and electronically. When devices moved from secured
internal networks to a connection through home broadband, the organization's attack surface
expanded and enterprise control declined. To offset, expect enterprises to adopt monitoring software.
This monitoring software will not only monitor the app usage and time employees spent doing work
tasks but also monitor for insider threats and anomalous activity. During the pandemic, business
resiliency and continuity became of renewed importance and protecting the organization is a major
part of that. Expect this to be a major focus of this monitoring initiative as well.
The impact of this software should not be interpreted as Big Brother-esque. Rather, by monitoring
employees' work habits, use of applications, and workflows, enterprises will gain new insights.
Analytics run on the collected data will unlock insights that lead to modifications in and integrations
among applications and workflows that minimize repetitive tasks, reduce error, and improve worker
productivity. Enterprises do, however, need to tread cautiously in order to gain the trust of employees
by framing this new software as a "digital coworker" as opposed to a tattletale sibling.
Associated Drivers
The next normal — Resilient business and operating models
Crisis of trust — Meeting rising expectations
IT Impact
The number of remote workers requiring secure access to business applications greatly
expanded with the stay-at-home orders. While necessary, many employers are legitimately
worried about worker productivity because of competing priorities within the home. This will
drive demand for productivity monitoring software to ensure that work is not ignored.
Productivity monitoring software will increase demands on compliance, legal, and HR teams.
The privacy concerns and compliance issues will only increase in complexity because of the
increased monitoring of employees' digital work lives.
In addition, current forms of identification are controlled by third parties and centralized. The ability to
prove one's identity, access to bank accounts, health insurance, and other vital services are controlled
by those third parties. Consumers are beholden to those third parties but also deeply suspicious of the
use of their data by those third parties. The consequence of this lack of control and lack of trust is a
lack of willingness by consumers to participate in an effort like contact tracing during a pandemic; an
effort that could help stem the spread of a deadly illness.
The COVID-19 pandemic has highlighted the failure in the current identity framework and emphasized
the need for tracking the movements and contacts of infected patients by multiple parties. This contact
tracing must be delivered in a manner that acknowledges consumer wariness and protects the privacy
of those using any tracking solution (while also adhering to regulations such as HIPAA and GDPR). A
decentralized, digital identity framework would involve technology vendors, government agencies,
healthcare providers, insurance companies, and others but would also put the consumers in ultimate
control of their data, ensuring privacy while also promoting widespread participation in a contact-
tracing application.
Associated Drivers
The next normal — Resilient business and operating models
Crisis of trust — Meeting rising expectations
Just as healthcare regulatory bodies certify drug efficacy, auditors certify corporate financial
statements, and standards bodies certify the safety of products, regulatory certification of AI/ML
applications delivered by independent bodies of experts will help bridge the trust gap and enable
customers and regulators to determine the trustworthiness of AI systems.
To ensure their lawfulness, fairness, and transparency, high-risk AI/ML systems will require a
conformity assessment to include checks of the algorithms and data sets used and the impact
algorithmic outcomes may have on an individual and on wider society.
The challenge with reporting sustainability and social responsibility initiatives is greater than for
other financial metrics. It is important that results can be attributed to specific initiatives while providing
tangible benefit to the organization and the intended beneficiaries. Examples include using recycled
packaging that reduces waste (helping the environment) but also the cost of production (cost savings
in the manufacturing process), funding private education initiatives for disadvantaged communities
(helping the unskilled) but also investing in potential future talent (recruitment, HR, etc.), enabling
Associated Drivers
Geopolitical risk — Societal and economic tensions escalate
Crisis of trust — Meeting rising expectations
IT Impact
An increasing number of corporations see the value in incorporating sustainable goals into the
overall company strategy and being good corporate citizens, but boards of directors are
already demanding accountability and returns on investment. As a result, internal structures
and processes will be implemented to measure the success of such initiatives.
Standards and agreed definitions are still relatively informal, with huge variations across
customer, supplier, and partner organizations. IT management will be challenged in terms of
providing infrastructure for quantifying results relative to existing reporting mechanisms — it will
be highly dependent on collaboration with other parts of the business.
IT will see an overhead in the additional corporate presence required (web/social media, etc.)
that accompanies social responsibility initiatives, particularly those that are long term,
campaign focused, and linked to third sector activities.
Management of IT equipment in relation to sustainability initiatives is fundamental to a
company's ability to achieve its intended development goals and enable trust among
customers and employees. This will resonate among investors and stakeholders that are
increasingly seeking organizations that adhere to these principles.
Guidance
Create and publish an overarching sustainability strategy that is transparent in its aims and
has achievable goals. This should incorporate both the altruistic, not-for-profit aspects of
traditional CSR functions and specific objectives around environmental and social goals
internally within the organization.
Be clear about levels of investment and over what timescale. Ensure actions follow marketing
messages to avoid the risk of being accused of greenwashing, with the negative
consequences this might have on enabling trust.
Incorporate basic metrics into quarterly reporting mechanisms (similar to financial
announcements) and look at automating parts of it to enable transparency and agility.
Our primary advice to technology buyers is that they must be strategic business solvers first and
technologists second. Although a simplistic and recurring notion, putting it into practice is anything but
simple in the context of the hyperspeed of technology innovation (and obsolescence) and competitive
disruption, the patchwork nature of privacy and data protection regulations, and cyberthreat actors that
never sleep and are adept at locating and exploiting the weak links in any armor.
Under these circumstances, it is almost excusable that the technologist role comes first. Yet, when
organizations fail to meet their business objectives and the fingers point to technology decisions,
reciting feature comparisons among vendors and products will provide little consolation. The issue isn't
that the wrong vendor or product choice was made to solve a problem, but the problem to be solved
To assist in strengthening your role as a strategic business solver, our advice is:
Have a current inventory of your organization's assets. This is not limited to your IT assets but
should also include personnel, data that has been entrusted to your organization, sensitive
data your organization created, software, processes, partner relationships, patents,
customers, brand, and reputation. This means essentially any and all assets that directly relate
to the product and service your organization delivers to the market.
Map assets to business objectives. It is a simple sounding exercise but one that pays
dividends when done well but also cuts deeply when done poorly (e.g., missed opportunities to
retire diminishing return assets and redirect resources to better alternatives).
Engage with your stakeholders. The business dependencies on the technology you and your
team buy and manage are increasing in number and criticality. These dependencies have
stakeholders. Meaningfully engaging with all of the relevant stakeholders will assist in
confirming your technology choices are optimally aligned with meeting business objectives
and gaining advocates when course adjustments are required.
Context
Today, to sustain the business, many small and medium-size enterprises have had to quickly pivot
business models. Large organizations are having to reinvent themselves for growth and
competitiveness — before their competitors do. Now more than ever, organizations are looking for new
ideas and emerging best practices to improve the effective use of resources and accelerate the ability
to deliver digital services to customers, patients, and constituents. According to IDC's Worldwide
Digital Transformation Spending Guide, global spending on digital transformation technologies and
services is forecast to grow 10.4% in 2020 to $1.3 trillion despite the challenges presented by the
COVID-19 pandemic.
Context
COVID-19 has acted as an accelerant to shifting consumer preferences and business models. Global
retail 2020 growth estimates will be halved from pre-COVID-19 forecasts. Retailers are responding
with alternative delivery methods and more digital touch points across the shopping experience. Work
from home is the new normal for knowledge workers, while worker safety takes on new importance. In
education, there is a shift in "when" and "where" learning happens, bringing into question some of the
fundamental assumptions that underpin the traditional four-year college degree model.
Context
In this world where data drives action, ensuring the veracity of the data and transforming data into
insights become a strategic imperative. But it is not just having more data that matters. Based on IDC's
Global DataSphere study, less than 3% of the data currently created is analyzed to affect enterprise
intelligence. What becomes essential is: first, to put data into context to provide meaning; next, to
understand it in relationship to other data and events to gain knowledge; and finally, to add judgement
and action to achieve insight and the full potential of value realization.
Context
Societal tensions exploded in what is known as the Global Protest Wave of 2019 (and into 2020).
While reasons for each span the spectrum, misinformation, social media, and polarization played
major roles in all. Then, add the pandemic and massive unemployment to the picture. In June 2020,
unemployment reached 40 million in the United States and 150 million in India, with other areas
reporting similar levels of unemployment. Now, different countries and regions are having different
levels of success in mitigating the risk of resurgence. Business needs to factor this volatility into
operational and market strategies and decisions.
Context
The digital economy has spread rapidly throughout the world. Leading organizations are shifting to
digital platform thinking to evolve their business models and manage their technology architecture.
Platform thinking is a fundamental shift in business strategy — moving beyond product differentiation
and pricing toward ecosystem-based value creation. It is also a long-term, sustainable response to
new realities in the digital economy, one in which organizations transform themselves into digital-
native enterprises.
Context
Cybercrime has increased manyfold since COVID-19. For example, Palo Alto Networks reports email
phishing and scamming schemes have increased 650%. Yet the growth in security investment is
expected to decrease in 2020, even while 70% of cybersecurity teams are understaffed (source:
ISACA) and the mean time to identify and contain a breach is months, not days. Adding more pressure
on business, the most favored companies right now are those that are not only secure but also giving
back to their communities. Business Roundtable, an association of CIOs, changed the Statement on
the Purpose of a Corporation to "take into account all stakeholders, including employees, customers,
and the community," rather than only profit. Trust is not just about security anymore; it is also about
responsibility.
Context
COVID-19 has reshaped how people think about internet connectivity and the urgency to bridge the
digital divide. At the end of 2019, the International Telecommunication Union estimated that around 3.6
billion people remain offline. While the digital divide is greater in developing nations, developed
countries see the divide run through rural and low socioeconomic status communities. For
organizations, connectivity is critical for information to be created, shared, and consumed in real time.
This IDC research document was published as part of an IDC continuous intelligence service, providing written
research, analyst interactions, telebriefings, and conferences. Visit www.idc.com to learn more about IDC
subscription and consulting services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please
contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or sales@idc.com for information on
applying the price of this document toward the purchase of an IDC service or for information on additional copies
or web rights. IDC and IDC FutureScape are trademarks of International Data Group, Inc. IDC FutureScape is a
registered trademark of International Data Corporation, Ltd. in Japan.
Copyright 2020 IDC. Reproduction is forbidden unless authorized. All rights reserved.