Paris Olympics: Cybersecurity Spending to Increase by $150M in Europe
The Games of the XXXIII Olympiad, otherwise known as Paris 2024, will take place against a backdrop of the most sophisticated cyberthreat landscape ever. The capabilities of threat actors are evolving and substantial, and they pose a risk not only to Games operations directly, but to the wider Olympics ecosystem and the broader business environment.
The high-profile global nature of the event makes the Olympic Games an attractive target for threat actors motivated by varying goals. Athletes from 200 countries are expected to participate in the Games, with coverage broadcast around the world.
To mitigate Games-related risks, organizations in Europe will increase spending on cybersecurity services by $150M in 2024, according to our analysis. Of this figure, 63% ($94M) will be spent in France.
Cyberthreats rarely respect geographic borders. We expect a variety of tailored threats related to the Games to cause a ripple effect of increased spending across Europe, and to a lesser extent, around the world. Some threats will target IT assets in use for the Games, while others will utilize phishing content themed around the Olympics to trick users into clicking on malicious links (among many other threat types).
A vicious cycle of risk is at play. It involves political factors that may trigger changes in the threat landscape, advances in AI, and a shortage of resources in organizations. This is driving cybersecurity and business leaders to bring forward cybersecurity services spending.
Professional cybersecurity services, including cyber-resilience consulting and incident management, will see increased spending. This should improve the ability of organizations to prevent or detect and respond to cybersecurity events. The level of risk and spending varies between vertical sectors.
The French national cybersecurity agency ANSSI has led multiple projects to mitigate the risks. It said, “The Paris 2024 Olympic and Paralympic Games are likely to attract the attention of various malicious cyber actors who may seek to take advantage of the event to gain visibility and make their claims known, damage the image and prestige of competitions such as those of France, or simply seek financial gains through extortion. These various threats to the Games are further amplified by the digitalization of this type of event in terms of the general organization, the running of the events, the logistical aspects, the infrastructure and the rebroadcasting of the events via different media.”
Indeed, Paris 2024 will be the most connected Olympics ever in terms of the IT estate, which includes back-of-house systems, critical national infrastructure, sport and broadcast technology, merchandising, and ticketing. The criticality of each asset varies significantly.
Organizations in France are moderately well prepared to address cyber-risk in comparison to their peers across Europe. But just 19% of large organizations in France believe their cybersecurity posture is mature or better. This is lower than the European average.
The Olympic Games will take place in Paris and 21 other cities across France from July 26–August 11, followed by the Paralympic Games from August 28–September 8, in the largest event ever held in France.
The International Olympic Committee is working with a range of global technology and cybersecurity providers to protect the Games. The cybersecurity issues involved are discussed in greater detail in a new IDC report, Cybersecurity and the 2024 Olympic and Paralympic Games.
A Tech Marketer’s Guide in the Age of GenAI - Crafting Unique Narratives
In today’s digital landscape, where AI can churn out content in seconds, marketers face a unique challenge: How can we create narratives that stand out? Let’s explore strategies for crafting compelling and differentiated stories in the era of generative AI (GenAI).
- Connecting the Dots
Marketers must start by connecting the dots between their promotional goals, their target audience, and a narrative that sets them apart from competitors. Relying solely on AI-generated content won’t suffice. Instead, strategic architects of brand stories must emerge.
- The Power of Unique Market Data
Leveraging unique market data is crucial. Dive deep into analytics, trends, and IT buyer behavior. What insights can be gleaned from data that others might overlook or might not have access to? Perhaps hidden patterns or emerging needs exist that GenAI hasn’t discovered yet. Tap into this data to create narratives that resonate.
- Insights Beyond Algorithms
GenAI analyzes vast amounts of information, but it lacks context. Unique insight comes from understanding not just what the data says but also why it matters and to whom. Ask: What motivates our audience? What pain points do they face? How can our product or service genuinely make an impact?
- Customer Success Stories
Compelling customer success stories resonate because they’re authentic, relatable, and emotional. GenAI can help write these narratives, but marketers must discover, create, and curate them — and find the right audience.
- The Art of Storytelling
GenAI generates content, but it can’t create captivating and unique stories. Marketers should not passively rely on GenAI. They should use it as a creative partner, stepping up to the role of the storyteller. Weave together facts, emotions, and aspirations. Whether it’s a blog post, a white paper, or an entire campaign, storytelling remains a uniquely human skill.
Conclusion
In the age of GenAI, marketers are both collaborators and curators. Collaborate with AI tools like GenAI to streamline content creation, but also curate the essence of your brand through unique narratives. By joining the dots, leveraging data, and telling authentic stories, marketers can thrive. Remember: GenAI can write — but marketers create the story.
Interested in a deeper understanding of the issues discussed here? Contact Dominique Bindels at dbindels@idc.com.
Also, you might be interested in the following complimentary IDC guides:
Increase Customer Lifetime: The B2B Growth Marketing Guide for Tech Vendors
AI: Unleashing Strategic Sales – Driving Tech Investments in 2024
B2B Marketing & Sales Guide to Outcome-Focused Conversations
Application Modernization Strategies to Meet the EU CSRD Regulations
The EU’s new Corporate Sustainability Reporting Directive (CSRD) has thrown a chill on the business processes of organizations: Companies must modernize their applications and data foundations to enhance their reporting capabilities.
The struggle of companies in Europe to comply with the CSRD was on display at the ChangeNOW global summit, held in Paris at the end of March. Participants at the event — which seeks to map sustainable initiatives, best practices, tools, and technologies — revealed that organizations are lagging when it comes to implementing CSRD.
This is in line with results of IDC’s recent European IT Services Survey (N = 700), which found that just 25.6% of European organizations expect to deploy tech to improve sustainability KPIs as a transformation initiative in the next two years.
The CSRD is having a huge impact on organizations: It imposes reporting standards that compel organizations to publish their ESG information, which must then be verified and audited. All industrial sectors, from large accounts to SMBs, are subject to a staggered compliance timetable: The first reports must be published between 2025 and 2026 for large accounts, and in 2027 for SMBs.
Everyone agrees on one point: It’s a race. The timetable is forcing the acceleration of activities in data collection and qualification, methodologies and best practices, to structure and industrialize the creation of these reports.
CSRD weighs heavily at all levels of organizations. It requires a review of business processes and the organizational model, and, therefore, the modernization of core business applications — where the data is. New platforms or custom developments may need to be deployed to consolidate ESG data.
After examining their data lakes and the shift toward new data architectures, many businesses perceive this as a transformational endeavor.
Like any IT project, such complexity brings opportunities for services providers to support organizations with compliance. IDC surveys have shown that 41.2% of organizations expect partners to play a key role in implementing their sustainability strategy and achieving their objectives.
The Scaling Problem of Legacy Finance
Let’s examine where CSRD creates a bottleneck. Among the processes impacted by the CSRD is that of the finance department. Today, the CFO is one of the guardians of the transformation of the finance function, whose scope has been extended to non-financial matters and CSR.
For example, the French bank Crédit Agricole and cosmetics specialist L’Oréal have entrusted the finance department with their CSRD projects. Experienced in standardized financial reporting, the CFO has the difficult task of reproducing and improving processes by integrating CSRD.
Logical, but still difficult to implement. One of the biggest challenges is getting the different personas impacted by CSRD — and the associated data — to sit at the same table to find the right communication channel and vocabulary to communicate.
These human interconnections represent a real challenge in terms of governance but are necessary to deploy an application modernization strategy and convert the new operational model and business processes into a revitalized IT structure.
Financial IT systems are often very mature. CSRD requires them to scale rapidly to support new workloads in only three years. This includes related data initiatives: the mapping of data sets, the overcoming of information silos, increasing automation, and supporting heterogeneous files (PDF or Excel, for the most part).
The legacy must be modernized within the timeframe of the CSRD. But urgency means risks must be controlled. For example, misunderstanding the regulation and the requested data could have a negative impact on technological engagements and procurement.
Using GenAI to modernize legacy applications and make them “CSRD ready” has been explored to collect, map, and consolidate data, generate appropriate information for criteria, or automate the storytelling inside the CSRD reports.
Capgemini has detailed how GenAI could accelerate gap analysis and identify which data is lacking and which data is relevant for presentation. L’Oréal discussed how it believes that GenAI is key to education and acculturation on the criteria and wording of the regulation.
This scenario is in line with our vision for application modernization strategies in Europe.
The implementation of the CSRD — and, by extension, the major theme of sustainability — represents a powerful driver for adapting processes, revitalizing part of the application estate, and establishing a coherent link between IT and new business requirements.
Revitalizing applications to optimize business processes is a key theme of IDC’s European Application Modernization Strategies research program.
Modernize with a Sustainability/ESG Integration Platform
The challenges include making the regulation a starting point for a more global strategy, and placing CSRD and sustainability at the center of the organization’s decision-making and business innovation.
We believe this requires building an enterprise architecture, including modular and loosely coupled components, to integrate systems, applications, and data in a flexible and sustainable way over time.
Such a sustainable integration platform will de-silo business applications, facilitate the continuous collection of data, the industrialization of analytical reporting, and the connection to ecosystems. In short, it means building a dynamic CSR link in the value chain and anticipating the evolution of reporting obligations.
Ransomware in EMEA - The Threats and Defenses
Ransomware attacks have been one of the most high-profile scourges of business over the past decade — and the threat shows no signs of abating. If anything, it has become more prevalent as “ransomware as a service” has lowered the entry barrier for threat actors.
Innovation by cybercriminals keeps security teams on high alert. When governments and security agencies advise organizations not to pay ransom, attackers may switch to extortionware approaches.
Or, sticking with ransomware, they may use AI to augment their capabilities, refine their lures, automate attacks, or hit hundreds or thousands more organizations than they would have been able to previously.
This Is Going To Hurt
According to IDC’s Future of Enterprise Resilience Survey, conducted in November 2023, 63.4% of EMEA organizations with 500 or more employees suffered a ransomware attack that blocked access to their systems or data in 2023.
Which assets are being impacted? According to the survey respondents, the most frequently impacted resources were collaborative applications (37%) such as MS 365 or Google Workspace. These were followed by virtual or physical servers (35%) and public cloud IaaS and PaaS (also 35%). For 34% of organizations, ransomware attacks impacted their partner, supplier, or customer systems.
These impacts reflect the infrastructure and environments in which most modern organizations operate: cloud-based infrastructure and platforms running cloud-based collaborative applications on enterprise licenses for cost efficiency and productivity, often within broader digital ecosystems to enhance operational efficiency.
Targeting what has become the critical infrastructure for operational capability gives cybercriminals the greatest leverage over their victims. The hackers strive to ensure there is no choice but to pay the ransom.
The Best Defense is… Multi-Layered
Despite the rising volume of attacks, more than one-third of the surveyed organizations stated that no ransomware attacks had managed to block access to their systems or data. These organizations highlighted some of the key technologies that helped them detect the attacks before the malware was able to deploy.
The most frequently cited tool was a cloud security gateway/cloud access service broker (CASB, 30%). This aligns with the operational environments described above, placing protection where it is needed most. Deploying a CASB provides visibility and control over cloud environments and assets, enabling quicker detection and containment of potentially malicious activity.
Threats can come from within the organization as well as outside. A further 26% of respondents said they used specific security analytics aimed at detecting insider threats. The third most common response was SIEM systems (25%), which help by correlating data from multiple sources to identify suspicious patterns and anomalies before an attack. Organizations also mentioned that NDR, identity analytics/UEBA, and EDR helped with detection.
Fundamentally, there is no single technology that is a silver bullet against ransomware. Effective protection depends upon a layered approach that aligns security controls to the environment, infrastructure, and processes of the organization.
As attacks grow more prevalent, fueled by ransomware as a service and AI-augmented attack campaigns, EMEA organizations need to be on their guard with a mix of technologies to detect and contain malware payloads before they can be deployed.