Arsgera - Fotolia

Herjavec: Cybersecurity investment now a priority for CEOs, boards

How did Robert Herjavec, CEO of a global IT security firm and star of ABC's 'Shark Tank,' know cybersecurity was gaining traction? He started getting meetings with the C-suite.

Robert Herjavec, CEO of global IT security firm Herjavec Group and one of the stars of ABC's hit television show Shark Tank, remembers the first time he felt the nation was waking up to the threat of cyberattacks: Then-President Barack Obama used the word cybersecurity in his 2013 State of the Union address. Another sign cybersecurity investment was having a moment? Herjavec said his company used to sell to the "IT guy," but that changed as a robust cybersecurity strategy became essential to the modern company's bottom line.

"Even after I got on TV, I never met with a CEO," Herjavec told the audience at the Gartner Security & Risk Management Summit in National Harbor, Md., earlier this month. "If I did, it was because their kid was a fan of the show."

But while cybersecurity used to be a technical sale, in the last three years, Herjavec estimated 50% of his time now is spent with senior executives.

"I don't mean CISOs; I mean CEOs, boards of directors, people like that," Herjavec said. "All of a sudden, people are really interested in security that aren't in security. I think you are going to see that continue."

Adapting to IT's rapid change

Since it was founded 15 years ago to manage secure environments for large companies, the Herjavec Group has seen a lot of change in the IT industry, Herjavec said.

He pointed to the sheer growth of connectivity alone: Many people are online constantly now. Soon, the idea of connecting, or being online, will cease to exist, because everything will be connected, Herjavec said.

"When you talk about 'being online' in a couple of years, it will just tell people how old you are," Herjavec said. "It's incredible how everything is becoming an access point."

This trend has had a massive effect on cybersecurity investment. When Herjavec started his company, the average enterprise used 12 security products, which he thought was "nuts" even back then. Now, he said, the average enterprise has 74.

This leaves companies to answer the age-old security vendor question of choosing "best of breed vs. everything in one box."

"That's the unique thing about security -- I think there will always be a problem that we don't know," Herjavec said. "We are finding solutions today for problems that we don't even know exist."

What comes next?

Technology's pace of change is certainly reflected in the cybersecurity investment market. Speaking like a true "Shark," Herjavec noted that, at the 2018 RSA Conference last March, there were 1,500 new security products on display. Only a fraction of them are likely to survive, he noted.

When you talk about 'being online' in a couple of years, it will just tell people how old you are.
Robert HerjavecCEO, Herjavec Group

"The pace of change that is going to hit our industry is going to go 'boom,'" Herjavec said. "How many of those are going to survive? How do you know what's hot, what's not? What's going to cause changes?"

With the technology accelerating so quickly, even developing a five-year business plan in the technology space is difficult, Herjavec said.

Consumers' expectations for cybersecurity are changing, too, and it could become a business differentiator, Herjavec said. However, consumers expect companies' cybersecurity investment to benefit them, but don't want to have to do anything about it themselves.

"The shift on security is going away from the consumer to the corporation," Herjavec said. "Your users, your consumers expect you to be secure. And if you're not, they are going to go someplace else."

Another driver of cybersecurity investment, Herjavec said, is it soon will likely become mandatory. Herjavec said cybersecurity companies now sell something that a business has to buy, because they have gone from being "the carbon dioxide detector to the smoke detector." Having a carbon dioxide detector is important and probably a good idea, but everyone has to have a smoke detector, because it is the law.

"I predict that we are going to see a national privacy, [General Data Protection Regulation]-type law in the United States within 24 months," he said. "It's just a matter of time."

As a result, the combination of cybersecurity compliance rules, consumer expectations and constantly expanding threats means the amount of cybersecurity investment will only get bigger. While this may be a strain on IT execs' budgets, he said there was good news for cybersecurity professionals in the audience at the Gartner Security & Risk Management Summit.

"If you have a security background and you don't have a job, you are really unemployable," Herjavec said. "This is the easiest deal to get a job in right now."

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
and ESG