As cyber attacks grow in frequency, U.S.-based companies are managing the risk by tapping their current cybersecurity systems already in place, according to a new report by Information Services Group (ISG), a global technology research and advisory firm.

The 2023 ISG Provider Lens Cybersecurity — Solutions and Services report addresses the significant changes to the U.S. cybersecurity landscape in 2022, the result of the declining number of breaches coupled with their increasing severity, as well as tightening compliance rules by the federal government.

Many businesses “began to improve visibility and risk management to better protect themselves from the broader business effects of breaches, such as damage to reputation and fines for lack of compliance,” stated the report.

“It was a tumultuous year for cybersecurity in the U.S.,” said Doug Saylors, partner and co-lead, ISG Cybersecurity. “Attacks became more sophisticated and severe, while businesses stepped up efforts to respond to and survive increasing threats.”

Gowtham Kumar, author of ISG’s Provider Lens report on Cybersecurity, suggested the following: “Verify everything. Many companies have adopted a zero-trust approach. Every device, application and person, from top executives on down, must have their credentials validated and authenticated, even the business owner(s).”

“The extra validation ensures that an aberrant user, application or device will be revealed and stopped before further harm can be done,” he added.

Small and medium businesses are beginning to recognize their exposure to threats, since they are often linked to large enterprises through supply chains. As a result, the report said these businesses are now investing in managed security services.

“Digital maturity, more than size, determines how U.S. companies approach cybersecurity,” ISG said.

Chief information security officers (CISOs) are focused on deriving more value from existing investments, the report added.

Investments are being made in risk assessments, outsourced services and integrated solutions “such as security service edge (SSE) and extended detection and response (XDR).”

Security investments are expanding beyond detection and response, the report noted, to include rapid recovery and business continuity as C-level executives’ awareness for cyber resilience grows.

“CISOs are making cybersecurity a business problem rather than a technology problem. They want more solutions and services that help them align security measures with enterprise objectives,” said Jan Erik Aase, partner and global leader, ISG Provider Lens Research.

As attackers increasingly target specific industries, such as healthcare, utilities, automotive and education, those entities are looking for personalized cybersecurity options to align with threats, attack vectors and regulations in their own sectors,the report noted.

The report also explores other U.S. cybersecurity trends, including the impact of remote and hybrid work and the growing adoption of zero-trust security frameworks and secure access service edge (SASE).

The report reviewed the capabilities of 104 providers across seven quadrants: Identity and Access Management (IAM), Extended Detection and Response (XDR), Security Service Edge (SSE), Technical Security Services, Strategic Security Services, Managed Security Services — SOC (Large Accounts) and Managed Security Services — SOC (Midmarket).

The report named IBM as a leader in five quadrants.

ISG named Accenture, Capgemini, Deloitte, Eviden (Atos), HCLTech, Infosys, NTT DATA, TCS and Wipro as leaders in three quadrants each.

Broadcom, Microsoft, Palo Alto Networks, PwC, Unisys and Verizon Business are named as leaders in two quadrants each.

AT&T Cybersecurity, Cato Networks, Cisco, Critical Start, Crowdstrike, CyberArk, CyberProof, EY, Forcepoint, ForgeRock, Fortinet, Lumen, Netskope, Okta, One Identity (OneLogin), Optiv, Ping Identity, Proficio, Rackspace Technology, SailPoint, Saviynt, Secureworks, SentinelOne, Trellix, Trend Micro, Trustwave, Versa Networks and Zscaler are named as leaders in one quadrant each.

In addition, BeyondTrust, Cybereason, Cyderes, EY, HPE (Aruba), Kudelski Security, Trustwave and Verizon Business are named Rising Stars — companies with a “promising portfolio” and “high future potential” by ISG’s definition — in one quadrant each.