Logo
Become a Client

In the digital business era, transformative advancements have reached unprecedented heights, driving rapid digital transformation and widespread cloud adoption across industries. This transformation has profoundly impacted customer experiences, enabling companies to offer seamless, personalized, real-time interactions across multiple touchpoints. By leveraging digital technologies and cloud capabilities, enterprises can create meaningful and engaging experiences that set them apart in the competitive digital economy.

However, this shift to cloud-based solutions has also led to an expansion of attack surfaces, creating newer areas of vulnerability. From smartphones and tablets to IoT devices and wearables, the proliferation of interconnected devices has resulted in a complex and vast digital landscape, each representing a potential entry point for cyberattacks.

Cyberthreat Landscape in Asia/Pacific

Cyberattacks worldwide are escalating at an alarming rate, becoming highly targeted and sophisticated. Cybercriminals continuously develop more intelligent methods to exploit vulnerabilities, steal sensitive data, or demand ransom. Securing all connected applications to critical infrastructure becomes more challenging, making it easier for attackers to find vulnerabilities to exploit, including the use of bots for both legitimate and malicious purposes. As a result, businesses face frequent, targeted, and complex cyberattacks, leading to significant financial burdens, customer attrition, and damage to brand reputation.

The Asia-Pacific Japan (APJ) region has seen a surge in cyberattacks, with a cyberthreat landscape that is intricate and constantly evolving. The region is influenced by geopolitical tensions, rapid digitalization, and the growing expertise of cybercriminals and state-sponsored hackers. According to IDC’s 2023 Future Enterprise Resiliency and Spending (FERS) Survey, Wave 2, a staggering 59% of enterprises in APJ fell victim to ransomware attacks in 2022, and 32% ultimately paid the ransom. Out of these, Australia, New Zealand, Singapore, and India were the worst affected regions. Among the affected businesses, 97% reported that the impact lasted from a single day to several weeks. This signals that now is the opportune moment for enterprises to strategically invest in cutting-edge technologies for proactive threat detection and decisive attack mitigation.

Significant Advancements in Threat Detection and Response

Today’s cyberthreat landscape has led to the emergence of EDR (End Point Detection and Response) and XDR (Extended Detection and Response) solutions backed by MDR (Managed Detection and Response)services to detect and respond to cyber threats. Early detection allows organizations to prevent or limit the damage caused by attacks, reducing data loss and minimizing the attack’s impact. According to IDC’s 2023 FERS Survey, Wave 2, 71.5% of the surveyed enterprises in APJ mentioned that threat detection and response tools, including EDR, NDR and SIEM (Security information and event management), helped them detect attacks before intruders had a chance to act.

EDR has become essential in enterprise cybersecurity strategies, used by organizations of all sizes and industries to protect their endpoints from cyberthreats. MDR services offer a comprehensive approach to shield businesses from advanced and frequent cyberthreats, delivered by experienced cybersecurity experts in a 24 x 7 remote SOC with cutting-edge solutions and hands-on support. As per IDC’s Asia/Pacific IT Services Survey, 2022, majority of the enterprises stated that the most important capabilities they seek in an MDR provider, is the ability to effectively integrate network and endpoint at the architectural level for enhanced visibility into assets and proactive threat detection at all surfaces. Apart from this, they also require an MDR provider to offer strong analytical capabilities. Some enterprises also indicate the need for a third-party analytical platform that can help absorb inputs from web, email, network, endpoints as well as cloud and deliver a comprehensive threat analysis. This is exacerbated by the need to have a proactive threat hunting for knowns and unknowns including third-party risk assessments from all sources as well as a well-suited and integrable range of threat detection and response offerings.

Enterprises are now directing their investments towards XDR solutions, empowering them to identify and effectively counter threats across networks, endpoints, and cloud environments. With advanced analytics, XDR solutions can form complex correlations between relevant data sources, reducing false positives and improving threat detection. IDC emphasizes that every XDR solution should include EDR capabilities, which can be enhanced with NDR, (Network Detection and Response) integration with external threat intelligence, and an underlying log management backplane, providing alerts from virtualized resources over the cloud.

The XDR solutions must also incorporate a SOAR solution for workflow management, DDoS Security, a WAF, web and email defense, identity and access management (IAM), data loss prevention (DLP), workload management, and FIM. XDR platforms are known for their scalability, reliability, extensibility, and modularity. While many XDR tools are cloud-based, some organizations prefer dedicated or on-premises solutions or a hybrid approach due to concerns about public cloud environments. Regardless of the chosen approach, a cloud-based XDR solution offers accessibility and flexibility for experts and analysts working in hybrid setups. A comprehensive XDR solution much in demand these days helps assist enterprises with threat quarantine, automated and manual remediation, alert escalation, reporting, and forensic analysis and must be the focus area for security service providers looking to cater to future enterprises.

Proactive detection and response may only sometimes be sufficient, particularly as cybercriminals adopt multi-vector approaches. The threat landscape’s complexity has led to the evolution of threat detection, including signature-based and behavior-based detection, threat intelligence, automation and orchestration, integration with incident response, and deception technology.

Using AI for TI – Threat Intelligence

AI-powered threat hunting leverages ML and data analytics to uncover hidden patterns and anomalies, improving the identification of potential threats. Businesses are now investing in threat hunting solutions that deploy AI/ML capabilities to predict threats based on historic patterns, addressing known and unknown threats with relevant insights and minimal false positives using comprehensive security analytics. AI’s relationship with threat detection and response is symbiotic, enabling more accurate and efficient threat detection, facilitating faster incident response and remediation, and empowering security analysts with advanced tools to proactively hunt for threats.

The potential use cases for threat intelligence are a significant leap forward compared to detection and response strategies. A prime example is identifying adversaries, a captivating aspect of threat intelligence, as it traces known threat vectors back to the responsible miscreant be it a cybergang or a nation-state sponsored attacker. Moreover, threat intelligence platforms can collect and correlate data from in-house security tools, including SIEM, UEBA, IDS/IPS, and antivirus software. This grants insights, validates possible insider threats, and supports external intelligence for forensic investigations.

The ever-evolving threat intelligence feeds necessitate consistent cross-referencing with up-to-date IoCs, such as behaviors, tactics, exploits, and open source code vulnerabilities. Here, automation plays a pivotal role in artifact collection, thereby ensuring accuracy. Additionally, there are times when unmanaged devices within a network can become inadvertent targets for attackers due to misconfigurations, incomplete patch management, or other issues. Threat intelligence also mitigates the challenges of shadow IT or enhances detection across data graveyards.

Remarkably, specific threat intelligence solutions cater to industrial control systems, APT intelligence, crime, and forensics intelligence. In the transportation industry, enterprises are leveraging threat intelligence to proactively prepare for attacks and fortify their infrastructure. Notably, a major Indian insurance company utilized threat intelligence to thwart 3.4 billion INR worth of fraud across various domains, integrating AI technology to enhance the fraud investigation process.

In the current landscape, establishing strategic partnerships between threat intelligence vendors and service providers holds the utmost significance. Enterprises seeking relief from financial and operational burdens desire consolidated service offerings. This market shift calls for security service providers to offer comprehensive solutions, including SOC, vulnerability assessments, incident management, and threat intelligence. Cultivating strong and strategic partnerships is pivotal for ensuring a unified, all-encompassing approach that aligns with evolving customer demands. Additionally, collaborative partnerships between security vendors and service providers aimed at delivering advanced threat intelligence capabilities and solutions by seamlessly blending global threat data with localized insights will offer a robust framework and a comprehensive perspective to potential clients on threats that hold significance in their unique operational context. This synchronized approach empowers organizations to stay ahead of evolving cyber risks and enhance their security posture.

Advice for Enterprises

For enterprises looking to adopt or elevate their threat detection and response capabilities, initiating efforts to reduce dwell time typically involves starting with EDR. However, sophisticated attacks often encompass more than just endpoints, necessitating the adoption of XDR as the next evolutionary step. Technology buyers are advised to assess their requirements and then look at investing in a multitude of advancements happening with the advent of AI/ML models in the threat hunting and threat intelligence space as an advancement to detection and response.

When selecting threat intelligence vendors, technology buyers should remember to prioritize those offering contextual insights that align with their industry and environment. It’s crucial to assess vendors based on their ability to provide actionable insights, enabling proactive defense strategies and swift responses to emerging threats. Integration capabilities are key, ensuring seamless collaboration with existing security tools and infrastructure. Look for vendors who blend global and local threat data to offer a comprehensive perspective and consider their automation and data enrichment capabilities to enhance threat detection accuracy. Scalability is essential to accommodate growth and evolving threat landscapes. Additionally, evaluate vendors using real-performance metrics such as Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) to ensure their effectiveness in rapid threat identification and resolution.

This approach ensures that your chosen threat intelligence vendor aligns with your organization’s unique needs and contributes to a robust security posture. Also, it is always essential to note that AI is not a silver bullet and should be used with human expertise, as security analysts play a critical role in validating and interpreting AI findings within the organization’s environment to make informed decisions regarding threat response and mitigation. Without a doubt, the collaboration between AI and human intelligence undoubtedly bolsters an organization’s overall security posture.

Get insight on adoption and perception of threat intelligence solutions by Indian enterprises in this on-demand IDC webinar here.

Interested in how enterprises should strategize their investments moving forward?

Read More About the Evolution of Threat Detection and Response to Threat Intelligence

Sakshi Grover - Senior Research Manager - IDC

Analyst Profile
Sakshi Grover is a senior research manager for IDC Asia/Pacific Cybersecurity Services, supporting its research and client engagement activities across Asia/Pacific markets. Additionally, she serves as the lead security analyst for IDC India. Sakshi is responsible for delivering syndicated custom research and consulting engagements on next-generation emerging and disruptive technologies. Her tasks include developing and socializing IDC's point of view within security services, covering both legacy and modern cybersecurity technologies. Her role involves close collaboration with technology vendors and buyers, developing market insights, and providing research, consulting, and advisory services in the fields of security software and services. This includes partnering on research efforts with relevant country analysts in the local IDC offices. Sakshi's views on security have been quoted in numerous publications, such as the Economic Times, Business Standard, Data Quest, CRN, and others.

In a world inundated with AI buzz, are you feeling overwhelmed by the incessant chatter around artificial intelligence? As the AI frenzy reaches its zenith, it’s imperative that we take a collective breath and evaluate how to get to a positive impact for our organization. Let’s pause and reevaluate the landscape.

Neil Ward-Dutton, one of our distinguished IDC analysts, once aptly noted that AI appears as an enchanting spell until we unravel its inherent limitations and complications. And limitations, there are many, regardless of how you approach the matter. A considerable portion of these limitations stem from the data that fuels AI’s algorithms: for AI systems developed internally, the scarcity of high-quality data in most organizations data often proves to be a stumbling block; and for generative AI systems that leverage pre-built “foundation models” already trained on external data sources, lack of transparency about the provenance and quality of those data sources creates a number of risks.

While generating training data is an option, recent observations indicate that excessive training can actually yield adverse outcomes. And that’s just the tip of the iceberg; the complications extend into the realms of bias and ethical quandaries.

Dispelling any illusions, let’s be clear – acquiring a software package won’t instantaneously immerse your organization into the realm of AI excellence. Remember the CIO who, a few years back, joyfully declared hiring two data scientists as the path to “getting AI”? Upon inquiry about their role and the benefits they’d bring, he confessed, “I’m not a data scientist; I don’t know.” Such anecdotes underscore the essence of the issue.

Presently, history seems to be repeating itself. When inquired about AI’s potential, responses often resemble, “I don’t know; I’ll ask the AI.” This reveals a common theme – many are intrigued by AI-enabled possibilities, but grappling with its tangible advantages remains a challenge. As the chasm between curiosity and efficacy widens, it begs the question: Is the investment in perfecting AI worth the monumental effort?

We have been defining what is needed to be successful with AI and the steps needed to make it work. We invite you to come and discuss with your peers what steps make sense and where to hold back inverstment. By the end of the session you should have insight into the value you can realisticly derive from AI over the next three horizons and what the pitfalls may be. 

 

Join the CIO ThinkTank on September 28th: On September 28th, from 5:00 to 6:00 PM CET, we invite you to participate in the CIO ThinkTank – an open dialogue among peers. 

In A CISO’s Guide to Artificial Intelligence, we view artificial intelligence as providing advisory, enhanced service, and semiautonomous cybersecurity defense functionality based on a range of structured and unstructured data, including logs, device telemetry, network packet headers, and other available information.

Simply put, AI is the application of applied statistics to solve cybersecurity problems. The goal is to create analytics platforms that capture and replicate the tactics, techniques, and procedures of the finest security professionals; democratize the traditionally unstructured threat detection and remediation process; or complete a range of near-real-time automated detection and response techniques that theoretically can be replicated, but by the time the security professional completed the task, it would be far too late.

As AI continues to promise simplicity in the face of the complexity of today’s security environment, it will be helped by the homogeneity of data.

Frank Dickson – Group Vice President, Security and Trust

However, our collective focus is in the wrong place in our opinion. The hype and conversation focus are on AI. Why not? The possibilities of AI inspire the imagination, illuminating the possible. The key to enabling outcomes in security is not about the AI; it is about the data. Many children are inspired by the power and girth of locomotives. The potential of the locomotive, though, relies on the boring and tedious process of laying the tracks and the enabling infrastructure. Likewise, data is the enabling infrastructure for security AI. Three characteristics are deterministic of success:

  • Data framework structures
  • Data management
  • Data curation

Data Framework Structures

As we look to unlock the potential of artificial intelligence to unlock the potential and promise of – for example – extended detection and response (XDR) creating frameworks and structures is critical. The most basic definition of XDR is:

  • The collecting of telemetry from multiple security tools
  • The application of analytics to the collected and homogenized data to arrive at a detection of maliciousness
  • The response to and remediation of that maliciousness

As we look to apply analytics to the collected and homogenized data to detect maliciousness, AI needs structure to be able to look at the data at scale. Afterall, AI is really no more than a mathematical model that implies the relationship of the data. Telemetry optimized for a point use case, such as the perimeter-centric defense of network perimeters of a firewall, is of little use if you cannot relate it with other data sets, such as identity, and if it is not framed in a way to achieve an end goal.

As we discussed the value of event sequencing as a core attribute of most detection and response offerings, much of the value was unlocked by application of the MITRE ATT@CK framework. Not only does the framework provide structure to the task of threat detection by mapping to the cyber kill chain, but it also creates a manner in which different tools from different vendors can structure data and prepare it for analysis.

Data Management

Data has weight and gravity. Security data has a lot of weight. For example, a typical endpoint protection platform agent will produce 150-200MB of data a day. Movement, storage, and management of such data quickly creates a problem of scale. Data retention policies thus can become quickly divisive topics.

In addition, only with AI can the increasing pools of telemetry be put to the very best use. ML has limits, but using AI to train for previously unseen patterns and lens on the data can (time-to-X) be reduced in a truly significant way.

Data weight has become a competitive differentiating tool. For example, the move by the infrastructure-as-a-service (IaaS) vendors to retain their own cloud logs at no or very low cost is significant, as SIEM is often priced based on the volume of data ingested, and the SIEM vendors cannot simply “eat” the cost of ingesting and storing voluminous cloud logs. Analysis needs to happen on the native format in a predictable manner. The entire business model of SIEM, XDR, and other analysis platforms thus is increasingly challenged and is changing based on the weight of data.

Data Curation

In a world where every vendor has a different data structure, curating heterogeneous data sets to create data homogeneity to enable analysis is an extra step, a potentially ominous step depending on the calculus and scale required. As AI continues to promise simplicity in the face of the complexity of today’s security environment, it will be helped by the homogeneity of data. In a world where every vendor has a different data structure, curating heterogeneous data sets to create data homogeneity to enable analysis is an inhibitor.

Restructuring data takes time and costs money. Thus, large vendors with broad portfolios have the advantage as multiproduct but single platform offerings save time and cost due to having a larger percentage of multi-technology homogeneous data sets.

Overcoming the issue of data curation is the objective of many standards. For example, Structured Threat Information Expression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) were developed by MITRE as the U.S. Department of Homeland Security FFRDC. STIX is a common language for threat intelligence, so it can be shared and machine-read by any tool supporting it. TAXII is the application layer protocol designed to simplify the transmission of threat intel data. In 2015, STIX/TAXII development was moved to the OASIS international standard organization. Today, the work is free, open, and community driven.

We would be remiss if we did not mention Open Cybersecurity Schema Framework (OCSF) here and its significance to AI. Normalization of hybrid multicloud security telemetry is needed before any converged data is useful. The goal of OCSF is to simplify the exchange of data between the tools that ingest it, manage it, and enrich it because every organization has a cornucopia of solutions purchased over the past half dozen years. OCSF means a single format to make it easy for those getting started instead of writing data connectors to a lot of solutions. The real story here is one of simplicity, which is the holy grail of cybersecurity solutions.

So what? What Does This Mean to YOU?

Look.  Every cybersecurity vendor is going to roll-out a generative AI interface for their tools, and they should.  It is the fourth generation of the user interface; it is significant. A vendor will be conspicuous without one. By the end of 2023, every tool of relevance will have one; tools without one will likely become irrelevant or subservient to those that do. The ability of the tool to create outcomes in your environment however will be determined not by the power of generative AI but in the data and the predictive AI models behind the generative AI.  It’s Not About the AI; It’s About the Data.

Learn More

Frank Dickson - Group Vice President, Research - IDC

Analyst Profile
Frank Dickson is the Group Vice President for IDC's Security & Trust research practice. In this role, he leads the team that delivers compelling research in the areas of AI Security; Cybersecurity Services; Information and Data Security; Endpoint Security; Trust; Governance, Risk & Compliance; Identity & Digital Trust; Network Security; Privacy & Legal Tech; and Application Security & Fraud. Topically, he provides thought leadership and guidance for clients on a wide range of security topics including ransomware and emerging products designed to protect transforming architectures and business models.

Interested in account-based marketing? Be sure to check out IDC’s on-demand webinar The Company is the Key: How Account-Level Intelligence Helps You Gain Share.

Why Competitors Matter to Your Account-Based Marketing Effort

Account-based marketing (“ABM”) is a strategic B2B marketing approach that targets a single company, division, or individual within a company. As such, it deploys far more targeted tactics than general marketing, designing campaigns around names and emails, individualized value propositions, and highly specific personas.

If your firm is engaged in ABM, it’s guaranteed your competitors are as well. This means you need to know what they are saying, how they are positioning themselves, and how they are engaging their prospects and clients so you can better align your own efforts.

Getting started by identifying the competitors you need to analyze can be a formidable task in crowded IT markets. Granted, for some technology areas, the number of true players is small enough that everyone knows who they are. For instance, in the Canadian market for notebooks, five manufacturers hold more than 85% of the market value.

 Identify Key Competitors In Busy IT Markets

For many IT markets, however, the list of competitors is long. For instance, in the U.K., IDC tracks more than 100 players in the market for financial applications. While the top 10 control around 58% of the market, the next 10 control less than 15%, leaving lots of room for ambitious software houses.

In China, the market for human capital management software is wide open, with the largest supplier holding less than 10% of the market. In the U.S., the market for custom application development is both enormous and fragmented, with the top 10 players accounting for only one-third of the value. In all three markets, there are lots of fast-growing players aiming to break into the top 10.

Figure 1: Market Analysis Example

To do ABM right, you need to identify the largest players and the fastest growing players both at the top of the market and in your revenue range. You then analyze their strategy and tactics for best practices and pitfalls.

* Only one supplier grew; the other was simply less negative.
** There are only 3 vendors in the top 11-20. Only one supplier grew; the other was simply less negative.

Source: IDC, 2023

Focus Attention on Priority Competitors

With so many tech suppliers, it can be hard to know on which of your competitors to focus your analysis. This is where market data comes in. IDC believes there are three primary ways you can use data to identify competitors worth your scrutiny:

  • Competitors Outperforming the Market: While you will already be aware of your largest competitors, it can be extremely useful to rank them by share. This reveals who has the most visibility and the messaging and approach you’ll need to position yourself against. You should also rank them by growth, as this is a strong indicator of the effectiveness of their go-to-market strategy, including ABM. For instance, in the U.K. market for financial applications, only two of the top 5 gained share in 2022. The rest lost share.
  • Fast Growing Competitors In or Near the Top 10: IT suppliers that are rapidly gaining share are doing something right. For smaller companies, a good year can give the illusion of exceptional growth. IDC therefore recommends looking at the fastest-growing suppliers in the top 20–30 (depending on the market), as these organizations are usually large enough to be dangerous. Returning to the U.K. market for financial applications, half of the top 20 software providers expanded much faster than the market; it’d be a good idea to catalog their ABM strategy and tactics for best practices.
  • Fast Growing Competitors In Your Revenue Range: If you are among the top performing tech suppliers or a fast-growing company nearing the top 10 or 20, the two points above have you covered. But if you are further down the list, identifying which firms in your revenue range are growing fast tells you who to watch out for — and perhaps who to emulate when it comes to ABM. In Germany, IDC tracks around 70 firms trying to steal share from SAP in the supply chain management space. In 2022, in the $2–5 million revenue range, five beat the market by significant margins. If you were in that range, these five would be worth examination.

In short, the right data can help you quickly identify which of your competitors to analyze for ABM best practices and the positioning and messaging to set yourself apart.

IDC Company Lens provided the data for this post.

Get Started With ABM Resources and IDC Data

ABM planning can be a time consuming and challenging process to get right, especially the first time. To help organize your thinking and make key decisions you can use this account-based marketing starter guide. This step-by-step guide can help you bring together marketing and sales teams to develop a cohesive ABM campaign by asking the right questions and identifying the necessary insights for planning.

Whether you are approaching ABM from the perspective of marketing or sales—or through indirect or direct business channels—in today’s economic climate, objective insight and expert advice about buyers, partners, and competitors is vital to inform and accelerate decision making, campaign production, and account planning cycles. IDC Data & Analytics offer a broad array of solutions which detail company and ecosystem dynamics for the global tech market and that matter most to answering critical ABM planning and execution questions.

To get in contact with us to book a demo, please reach out here.

Wall Street’s top regulator has adopted new cybersecurity rules that require companies to disclose a material cyber breach within four days of determining that the breach is material. The 96-hour requirement has been on the table for months, but the materiality qualifier puts a critical onus on boards and CISOs to get specific on their cyber-risk tolerance.

Until now, breach notification has been driven primarily by regulations or industry rules requiring notification “without unreasonable delay.” That afforded a fair amount of bandwidth within which to understand and assess a situation and then determine the most appropriate path forward. The new SEC rules raise the bar for publicly traded companies, demanding that they not only know that an incident has occurred but also requiring boards to quickly get fact-based in the context of materiality.

Any situation where shareholders would consider the breach important, or where there is significant potential impact on the company’s financial position, operations, customer relationships, or reputation would clearly be material. But, often, data breaches or other cyber incidents are more nuanced. For example, a data breach that impacts a small number of customers or a denial of service (DoS) that impacts a small location and that is quickly remediated might not be considered material for SEC reporting purposes.

In 2022, for example, there were an estimated 490 million ransomware attacks, and Microsoft said that it mitigated an average of 1,435 DoS attacks a day; most of those incidents would probably not meet a standard of materiality. While we always must be beyond reproach on reporting, we should not fall into the trap of launching a disclosure cycle only to find out that the incident was not, in fact, material.

Here are best practices to follow to ensure compliance with the new SEC rule.

Consider Materiality as a New and Critical Element of Cyber Oversight

The interpretation of materiality should be provided by the board, in the form of clear risk tolerance guidelines. Defining risk tolerance is a normal practice at the board level; clearly define the triggers that would push an incident into the SEC four-day window by using scenario-based analysis, including:

  • Customer data: If the breach impact is known, contained, and minimal, is it material?
  • Operational impact: If a subset of operations is impacted, and impacts can be contained and recovered, is it material?
  • Reputational risk: If a disclosure occurred where there was a small impact and the awareness and response are beyond reproach, is that material?

Understand How the Board of Directors Interprets ‘Materiality’

Neither the CISO nor the technology team should be responsible for determining or interpreting materiality. What matters under the new SEC rules is very much subject to interpretation, so the team needs to know in advance how the board wants “materiality” to be interpreted.

In addition, be mindful of opportunities to proactively stay within approved risk tolerance. For example, notification is generally not required for encrypted data, so take advantage of data encryption as it continues to be your best defense. If you have not already encrypted personally sensitive information, consider taking action to encrypt the data that is most exposed from the board’s risk tolerance perspective.

Ensure that You Have the Data to Assess, Monitor, and Report in the Context of the Approved Risk Tolerance

Plan around the defined risk tolerance to know exactly how to bring together the necessary data to monitor and report. Then build the capability to produce a clear, concise, and meaningful report that could be used for management and the board in an incident situation. Develop communications templates in advance for use if you have an incident, including models for reporting on progress and incident closure with a consistent notification and reporting cadence. Understand how you would report to each of the risk tolerance elements and exercise the data sources to know how those boundary conditions will be tested and reported on.

The new SEC rules raise the risk that the board will be distracted by the clock in the heat of a cyber incident. Time pressures make it easy to say too much or to elaborate beyond what is required. By planning the critical data strategy beforehand and using templated communications to share the right message, you can ensure that nothing is missed but the situation is not exacerbated by oversharing.

We look forward to learning more as the SEC rules are absorbed, and sharpening our thoughts and guidance as more details emerge.

Alizabeth Calder - Research Adjunct Advisor - IDC

Analyst Profile
Alizabeth Calder, an adjunct analyst with IDC's IT Executive Programs (IEP), is the former CIO of HomeEquity Bank, a contributing writer to IT World Canada, and a best-selling author and sought-after keynote speaker. She focuses on bridging the gap between the technology sector and the leaders who provide the governance and investment needed to succeed.

Enterprise leaders now see digital technology and capabilities as foundational to innovate and succeed in the digital business era. However, as enterprises continue to navigate economic uncertainty, we are seeing a greater emphasis on achieving clear business outcomes from technology spending.

The growing complexity and pervasiveness of technology within enterprises is also driving expectations for faster time to value. As a result, IDC sees a greater need for clarity on prioritizing technology investments, resource allocation and insight into achieving business outcomes.

These issues are far from only being affiliated with IT; they now extend upward into the remit of the C-suite and impact all functional areas; 44% of CEOs have told IDC they need help with their digital business strategies. Moreover, lack of skills both within the C-suite and across the organization remains a key hurdle to achieving business outcomes from their digital initiatives.

Unveiling IDC’s FoX Scorecard Unique Value Proposition

One of the tools IDC  believes will be instrumental in enabling business and IT leaders to navigate these obstacles is the IDC Future of “X” (FoX) Scorecard. The FoX Scorecard provides IDC clients with proprietary data and research to:

  • Understand Future Enterprise capabilities and their correlation to business outcomes.
  • Compare performance relative to peers and leading enterprises.
  • Identify areas for resource and process optimization and investment.
  • Implement recommendations from best-in-class organizations.

The FoX Scorecard methodology brings together the insights from our worldwide FoX analysts who have a deep understanding of the capabilities required to become a Future Enterprise. With the analysis expertise from IDC’s quantitative survey team:

  • The FoX research framework explains the processes, organizational structures, and enabling technologies that empower enterprises to achieve their top business goals.
  • The FoX Scorecard survey data identifies the investments, readiness, and performance across diverse enterprises across the globe.

For example, IDC’s Future of Work Agenda research reveals that organizations are struggling to implement the right balance of on-site and flexible work practices, understand what the best practices are to maintain company culture and how automation can make employees more productive.

Learn from Leading Organizations

The recently published IDC Future of Work Scorecard compares which approaches and technology deployments differentiate “Leading” enterprises from their peers. For example, best practices in hardware, software and services investment, driving increased operational efficiency, improved employee productivity and cost savings. These improvements arise not simply because of a single investment or deployment.  They occur across key areas of work augmentation that in turn have an impact on work culture as it evolves in office, remotely and in spaces in between. At the most advanced level, enterprises that lead the culture, space, and augmentation pillars quickly embrace work transformation and new ways of working.

IDC’s analysis reveals that only 11% of worldwide enterprises are at the “Leading” stage. KPIs such as employee and customer satisfaction, quality scores, improved skills-levels, innovation and task-based metrics are important to these Leading enterprises. The Scorecard shows the stark measurable differences in positive business outcomes achieved by Leading organizations compared to all others – especially those that are nascent in their work transformation journeys. The gap between the Nascent and Leading enterprises points to areas of improvement.

Another example comes from IDC’s Future of Connectedness agenda program. The Future of Connectedness Scorecard analysis reveals that just 8% of enterprises are at the Leading stage, highlighting the connectivity technology areas of investment that most enterprises need to accelerate innovation. The insights from this Scorecard identify areas for optimization and investment across three capabilities: (1) Connectivity Transformation, (2) Services Enablement, and (3) Contextual Experiences. The results show the largest gap between the Nascent and Leading enterprises today is in their ability to use real-time insights to improve business outcomes.

Relevance to the Most Pressing C-Suite Agenda Items

Our 2023 Global CEO survey revealed that economic pressures top the list of risks to organizations. This underscores the need to measure the outcomes from any business investments, including technologies, services, and new hires. The most successful enterprises in the digital business era will be intentional about their investments. Using a fact-based approach to decision-making is what IDC FoX Scorecards are designed to offer.

The connection to business outcomes is what really makes the Scorecard methodology so relevant in today’s economic climate. IDC has built a standard approach to measuring business value across all our research domains. Scorecards are being rolled out across the following IDC research programs this year:

  • Future of Operations
  • Future of Trust
  • Future of Customer Experience
  • Future of Enterprise Intelligence
  • Future of Connectedness
  • Future of Industry Ecosystems
  • Future of Digital Infrastructure
  • Future of Work
  • Worldwide Digital Business Strategies

Technology Suppliers are Part of the Equation

While the FoX Scorecards are designed to help end-user organizations, IDC believes that success will come when enterprises work closely with their trusted technology and service providers to advance their capabilities. The ongoing challenges facing the C-suite create an opportunity for suppliers to deliver targeted solutions and services to help enterprises drive business outcomes.

In an increasingly crowded and competitive tech industry, we expect the winning tech companies and services firms to finely tune their offerings and engagement model to empower enterprise customers to achieve business outcomes. Becoming a trusted advisor means being engaged with customers, helping C-suite and group leaders identify strengths and shortcomings, and demonstrating the benefits of improvement from accelerated technology investment.  

Ultimately, when the economic picture begins to turn more universally positive, enterprise leaders will remember and reward the vendors that were there to help them during challenging times.

Summary: If You Don’t Measure It, You Can’t Improve It

During this period of economic uncertainty, a time when inflation is high, geopolitical conflict threatens supply chains, and qualified workers are in short supply, enterprise buyers are seeking faster time to value and quantifiable business outcomes from their tech investments. IDC FoX Scorecards will serve as valuable tools for IT and business leaders, aiding them in prioritizing and optimizing technologies and capabilities that can maximize business outcomes. And for IT suppliers, FoX Scorecards will be instrumental in demonstrating and measuring the value of their technology solutions.

Learn More

Tony Olvet - GVP, Worldwide C-Suite & Digital Business Research - IDC

Analyst Profile
Tony Olvet is Group Vice President, Worldwide C-suite and Digital Business Research at IDC. His team's global research focuses on the connection between business transformation and digital investments across enterprises. Tony's analysis and insights help vendors, IT professionals, and business executives make fact-based decisions on technology strategy and digital business. Tony has worked with clients across a variety of organizations including global IT manufacturers, enterprise software vendors, telecom service providers, financial institutions and public sector organizations. He has been quoted in major business and industry media including CIO Magazine, The Globe and Mail, CBC and The Financial Post.

Is Generative AI possible without the cloud? This question lingers as we delve into the world of AI innovation and explore the potential of generative AI models.

Let’s try to agree on the pivotal role that cloud platforms play in unleashing the power of generative AI as they provide a pathway to rapid development, scalability, and help to unlock the full potential of what some call a groundbreaking technology.

So, do we think generative AI truly flourishes without the aid of cloud platforms? Are they really a match made in technological heaven?

The cloud serves as a catalyst for rapid development and scalability in the realm of generative AI. Imagine the obstacles faced by both startups and established vendors burdened with the need for costly infrastructure investments.

High-performance computing resources such as GPUs and TPUs become accessible without substantial upfront investments. This liberates organizations to focus on what truly matters: developing innovative generative AI solutions, free from almost any infrastructure concerns.

 

Download eBook: Generative AI in EMEA: Opportunities, Risks, and Futures

Beyond this, though, one of the most important benefits of cloud platforms for generative AI is the way they provide managed access to pre-trained foundation models and APIs. These resources act as a springboard, propelling developers forward without the need to start from scratch.

Pre-trained models capture the knowledge and expertise of generative AI experts, saving significant time and computational resources. By leveraging these models, developers can advance their projects, focusing on fine-tuning and customization rather than spending countless hours on training models.

Of course, enterprises can build and host their own foundational models themselves if they so wish, but this is a very expensive, complicated and time-consuming process that requires large teams of rare specialist talent. Cloud providers offer APIs that abstract the complexities of generative model architectures, thus simplifying the integration of generative AI capabilities into already existing and newly built applications. This democratizes access to generative AI, allowing developers to use its power without too deep expertise in model development.

Building generative AI models usually requires comprehensive and efficient development environments. Cloud providers offer a wide range of frameworks, development libraries, and collaboration tools tailored specifically to generative AI. These tools simplify the development, training, and evaluation of generative models, supporting developers and data scientists in bringing their ideas to life. By partnering with cloud providers, companies building developer tools and platforms ensure seamless integration with cloud-based infrastructure and services.

Yet, as much as we want to believe this is a romantic relationship, this is in fact a marriage of convenience aka business, so both sides need to think how this partnership will work for them.

 

Watch the Webcast: Generative AI in EMEA: Opportunities, Risks, and Futures

 

What AI-Model Providers Should Do

Prioritize Knowledge Transfer

To fully utilize generative AI, it is crucial to invest in knowledge transfer and training programs. Collaborate with cloud providers to develop training materials, workshops, and resources that enhance the understanding and skills of employees. Empowering individuals within organizations to leverage generative AI technologies effectively will maximize the potential of this field.

Foster Continuous Learning and Research

Leverage the support provided by cloud providers for research and development. Engage in research collaborations, attend conferences, and utilize cloud resources for experimentation and innovation. Staying up to date with the latest advancements in generative AI is vital for building new solutions.

Plan for Strong Data Management

Strong data governance practices in place are a must to ensure compliance, data privacy, and responsible use of data. While it makes a lot of sense to leverage cloud platforms’ data management and governance tools to maintain data quality, data lineage, and appropriate access controls throughout the generative AI lifecycle, AI providers must never assume that cloud providers’ tools are enough.

What Cloud Providers Should Do

Invest in Hardware/Chips R&D

Enhance hardware and chip capabilities specifically tailored for generative AI tasks. Explore specialized hardware accelerators, optimize GPU and TPU architectures, or even develop new chips designed to accelerate generative AI computations. By staying at the forefront of hardware advancements, cloud providers can offer superior performance and cost-efficiency.

Develop Industry-Specific or Use-Case Specific AI Frameworks

Differentiate by developing industry-specific or use-case specific AI frameworks that cater to the unique needs of various domains. Offer pre-trained models, domain-specific data management tools, and integration with industry-specific applications. By providing specialized AI frameworks, cloud providers can enable businesses to leverage generative AI effectively and drive sector-specific innovation.

Support Model Deployment and Lifecycle Management

Cloud platform providers must develop comprehensive tools for model deployment, monitoring, and lifecycle management in support of generative AI governance. This includes intuitive interfaces for deploying models, robust monitoring for issue resolution, and higher-level tools for responsible AI delivery. Simplifying processes enhances user experience for developers and data scientists.

 

Together, both sides should absolutely focus on building ecosystems and on fostering collaboration models that encourage the participation of various stakeholders in the generative AI space. Cloud providers need to create open platforms and APIs, allowing seamless integration with innovative tools, services, and solutions to provide customers with a broader range of generative AI capabilities. AI creators can leverage open platforms and APIs to integrate tools and services developed by complementary companies in the generative AI space, fostering a thriving marketplace of offerings.

And please, remember, a marriage of convenience can only work in situations where both partners enter the marriage with clear expectations and mutually beneficial goals. This can be too much for real family life but should be exactly what’s needed for commercial success.

Ewa Zborowska - Research Director, AI, Europe - IDC

Analyst Profile
Ewa Zborowska is an experienced technology professional with 25 years of expertise in the European IT industry. Since 2003, she has been a member of the IDC team, based in Warsaw, researching IT services markets. In 2018, she joined the European team with a specific emphasis on cloud and AI. Ewa is currently the lead analyst for IDC’s European Artificial Intelligence Innovations and Strategies CIS.

In large, complex IT organizations, there is a need for effective management of financial resources to support the organization’s IT initiatives. One crucial question in this management is whether there is an IT finance function embedded within the IT organization or whether it is centralized under the corporate Finance department. IDC sees the question, not infrequently, from IT organizations where Finance is arguing for assuming these staff in the interest of efficiency.

Based on IDC experience with large, complex, client IT organizations, we have observed that a majority of these organizations have embedded financial staff within their IT organizations. This embedding is crucial for efficiently and effectively rolling data up to a central finance department (FIN) while retaining an understanding of complex technical subjects. Below are some reasons our clients choose to retain financial functions within their IT organization:

  • Retention of Subject Matter Experts (SMEs): IT staff who specialize in finance possess valuable expertise in both technology and financial processes. These individuals have acquired deep knowledge of the organization’s technology requirements, IT finance, and business requirements. When embedded staff are moved outside of IT to Finance, they rapidly lose key skills (particularly understanding the technologies) and connection to IT projects, which then necessitates additional work or staffing by IT BRMs to address the new gap. This loses any theoretical efficiencies or cost savings. By keeping specialized finance staff embedded in IT, the organization ensures the retention of critical knowledge and experience, promoting efficient collaboration and problem-solving.
  • Efficient Translation of IT Concepts: Translating complex IT concepts to finance professionals can be a time-consuming process. Relocating embedded finance IT staff to a central FIN department risks introducing communication gaps that impedes understanding and hinders decision-making. Keeping embedded IT finance staff ensures more seamless communication and collaboration, enabling efficient interpretation of technical jargon and facilitating effective alignment between IT and finance.
  • Cloud Technology Integration: The shift towards cloud computing represents a significant transformation for organizations, particularly in terms of financial management. The cloud introduces new financial considerations, such as subscription-based models, pay-as-you-go structures, and cost optimization strategies. It is crucial for finance professionals to have a strong understanding of IT and cloud technologies to effectively manage and optimize financial resources. By retaining finance staff within IT, the organization ensures that financial expertise is readily available to navigate the complexities of cloud adoption and effectively manage the associated financial implications.
  • Mitigation of Inefficiencies: Centralizing the finance function may introduce inefficiencies in the IT organization. With finance staff separated from IT, decision-making processes, financial planning, and budget allocation may become disjointed and convoluted. By keeping finance staff embedded within IT, the organization fosters a cohesive and streamlined approach to financial management, ensuring alignment between business goals, technology investments, and financial strategies.

Based on IDC experience with large complex client IT organizations, a majority of them retain dedicated technology-finance staff within their IT organizations. This is a recognition that organizations need to preserve critical subject matter expertise that enables efficient translation of IT concepts, facilitates the integration of cloud technologies, and mitigates potential inefficiencies. This approach promotes effective collaboration, informed decision-making, and optimized financial management within the IT organization.

Interested in learning more? Click the button below for more content from our CIO Executive Council.

Learn More

Daniel Saroff - GVP, Consulting and Research Services - IDC

Analyst Profile
Daniel Saroff is Group Vice President of Consulting and Research at IDC, where he is a senior practitioner in the end-user consulting practice. This practice provides support to boards, business leaders, and technology executives in their efforts to architect, benchmark, and optimize their organization's information technology. IDC's end-user consulting practice utilizes our extensive international IT data library, robust research base, and tailored consulting solutions to deliver unique business value through IT acceleration, performance management, cost optimization, and contextualized benchmarking capabilities.

The China New Energy Vehicle (NEV) market has soared over the past two years and has become the most promising segment in the China passenger vehicle market. Amid a new round of industrial chain adjustments and upgrades centered around NEVs, Internet of Vehicles (IoV) and intelligentization, o rthe addition of AI to a system, NEVs have become new focal points among suppliers and car manufacturers.

  • The realization of smart cockpits and smart driving functions as the demand for new energy passenger vehicle accelerates.
  • Autonomous driving and smart cockpits have become popular areas for IoV market development.
  • Rapid growth in the automotive cloud market given it is the infrastructure behind IoVs.

NEVs Drive the Intelligent Transformation of China Automotive Industry

The China NEV market size bucked the overall market fluctuations in the first quarter of 2023. Not only did the emerging brands maintain their overall development momentum, but traditional car manufacturers achieved phased progress in electrification.

The NEV market has grown over the past few years with increasing penetration. IDC predicts that the penetration rate of NEVs in the China passenger vehicle market will exceed 30% in 2023.

China’s New Energy Vehicles Make Waves in Automotive Industry

According to Bull Wang, Research Manager at IDC China, the electrification and intelligentization of passenger vehicles is a vital indicator of the development stage of the entire automotive market. Electrification makes the underlying architecture of vehicles more suitable for the realization of smart driving and smart cockpits technologies, the two pillars of vehicle intelligentization.

Research shows that autonomous driving technology is applied in the passenger vehicle market primarily in the form of assisted driving functions, especially for vehicles in the RMB 200,000–400,000 price segment. In terms of smart cockpits, breakthroughs have been made continuously in the dimensions of interaction between vehicles and users, expanding the use cases of cockpits.

In recent years, the industrial upgrading of IoV capabilities is an important support and driving force behind the rapid realization and development of smart driving and smart cockpit technologies.

Vehicle Market Shows the Trend of Electrification, Intelligentization, Networking, and Sharing

A car manufacturers’ launch of many functions is inseparable from the overall upgrading of upstream technologies and product systems in the automotive industry. The vendor led IoV market has formed as an organic combination of technology products for vehicles, roads, communications, cloud infrastructure and platforms, security, services, and solutions. It is now evolving toward electrification, intelligentization, networking, and sharing, among which electrification has been preliminarily completed. Intelligentization and networking are the current market hotspots, and sharing is an important trend in the future development.

Catherine Hong, Senior Research Analyst at IDC China, noted that IoV is an important direction for the integrated application of car manufacturing with software and communications.

With the continuous penetration of assisted driving functions, high-level autonomous driving products have become the mainstream direction with suppliers’ developments focused on technology upgrading and mass production.

Automotive Cloud Will Achieve a Compound Annual Growth Rate (CAGR) of 53.6% Over the Next Five Years

Automotive cloud refers to cloud computing infrastructure*, platforms, and use case solutions to meet the digitization and intelligent transformation of the automotive industry. This includes automotive industry suppliers, main engine manufacturers, and industry users of intelligent vehicles.

IDC predicts that the China automotive cloud market will continue to hit new highs in its growth, exceeding RMB 60 billion in 2027, at a five-year CAGR of 53.6%.

Yang Yang, Research Manager at IDC China, emphasized that the intelligent networking of vehicles has redefined the relationship between cloud and industry. The cloud is the production system, data and algorithms are competitive advantages, and software redefines products and services.

IDC Analyst Viewpoint

Looking ahead, with the further popularization of new energy vehicles, the rapid development of new technologies such as intelligentization, networking and autonomous driving, software-defined vehicles will drive the continuous transformation and upgrading of the automotive industry.

This will also reshape the vehicle industrial chain, leading to a new market competition landscape. How enterprises in the industrial chain will leverage their capabilities, make courageous transformations and seize market opportunities will become the top priority for automotive industry players.

Read more about IDC’s China research related to the smart vehicles and gain insights into future trends in the automotive market.

Learn More

*Cloud computing infrastructure includes public cloud infrastructure services and private cloud infrastructure construction; cloud solutions include platforms and application solutions hosted on various types of cloud infrastructure.

Bull Wang - Research Manager - IDC

Analyst Profile
As a research manager for client systems research in IDC China, Bull Wang has his research focused on topics of autonomous vehicle, connected vehicle, new energy vehicle, next-generation mobility service, and other automotive-relevant topics. Bull is responsible for conducting research and analysis for China and the global market, providing services for tech buyers, tech vendors, and tech watchers in the automotive industry. Prior to joining IDC, Bull had experience in conducting market research projects, such as brand health tracking, campaign evaluation, car clinic, and consumer portrait. His other experiences include social media monitoring for acquainting public opinion on brand and product. Bull has long served the leading companies in automotive industry, including Volkswagen, BMW, and Lexus, among others, with experience in project management on both agency and client sides. Bull graduated from China Foreign Affair University, majoring in diplomacy, and obtained a Law bachelor's degree.

In 2022, the ability to attract and retain talent was the #1 internal CEO concern worldwide according to the Conference Board CEO survey after a booming 2021. Fast-forward 12 months, the environment is different due to layoffs in the tech and financial services sector, inflationary pressures, and the looming recession.

However, in the Conference Board CEO survey for 2023, the ability to attract and retain talent remains the #1 internal CEO concern worldwide.

This CEO expectations of a continuous tight labor market in Europe and elsewhere is supported by data from Eurostat from June 2023. Despite fluctuations mainly related to the Covid-19 pandemic, unemployment appears on a continuous downward trend in the EU, while the EU overall employment rate is on a continuous increase.

The recent wave of layoffs in high tech and related industries – shocking as it was – is unlikely to change this picture. Why? Because it already happened and is on the decrease after peaking around January 2023 for the technology industry and even earlier for other industries, according to Layoffs Tracker.

Our own survey data confirms that the European labor market remains tight. Over half (54%) of software decisionmakers are challenged to find new staff in IDC’s European Enterprise Apps & CX Survey from January 2023 (n = 670). Viewed by industry, recruitment difficulties are present across industries, with signs of some easing of the severe labor shortages that was experienced in retail and hospitality in 2021.

What IDC’s survey data also says is that employee retention pressure has dropped off somewhat in 2023, because of the economic uncertainties and layoffs. In our report, Status of Employee Retention in Europe, based on a survey of 2,785 European employees in March 2022, we found that an alarming one in every four employees on average was actively and voluntarily looking for another job. Some job seekers were forced to look for alternative employment due to relocation or being on a temporary contract (i.e., actively and involuntarily job hunting), and those were excluded.

We made a similar survey in March 2023 of 3,527 employees in Europe. The new survey showed that the proportion of voluntary job seekers had decreased from 24.5% in 2022 to 16.8% in 2023 — a drop of almost 8 percentage points. We asked those that were not actively looking for a new job in terms of why not, and the second and third most popular reasons were most interesting because they referred to the current economic environment, making it “financially sensible to stay” and “hard to find a new job,” respectively.

These concerns appear to be the main reasons why we saw the proportion of voluntary leavers decline from 24% in 2022 to 17% in 2023.

European Organizations Use a Multitude of Coping Strategies to Improve Employee Attraction

Given that the tight labor market is likely to continue for the foreseeable future, what are European organizations doing to get the staff that they need? We asked all software decisionmakers in organizations with some level of recruitment difficulties about their coping strategies.

Interestingly, upskilling and reskilling existing employees was the most popular answer. Educating current employees and redeploying them in new, relevant positions makes sense in many cases.

Existing employees already have valuable knowledge about the organization and industry compared with new hires. One open question is how extensive upskilling/reskilling efforts are required and what learning methods will be needed.

We believe that a significant proportion of the upskilling/reskilling activity will focus on technology and data related skills.

European organizations will also use other methods to make ends meet. The second most popular coping strategy is offering higher salaries, which we see practiced for positions where there is a confined resource pool and limited substitution options. Examples could be a certain trading specialist, a particular medical professional, etc.

Third place was hiring more recruiters and acquiring better recruiting tools, which is a reasonable strategy, especially in organizations where the recruiting function is understaffed and equipped with outdated software and/or processes.

Other popular strategies included widening the spectrum of applicable candidates, lowering criteria, and investing in better branding and candidate marketing.

Three-quarters of organizations deployed a combination of coping strategies. It means that organizations typically see these coping strategies in combination, as opposed as individual silver bullets. Please see Employee Shortage Coping Strategies in Europe (IDC #EUR150726123, June 2023) for more information.

What Are the Upsides from the Point of View of HCM and Payroll Application Vendors in Europe?

The tight labor market and recruiting difficulties among European organizations are in fact sweet music in the ears of many of the software vendors in the HCM space. The solution areas that are best positioned to capitalize on the employee attraction desires and approaches of European organizations are:

  • eLearning solutions, learning services, reskilling strategy services. The stated intent to “reskill and upskill” can be achieved by different means, including onsite training, mentoring, and external education courses, learning technologies are also likely to play a key role. IDC believes that the reskilling/upskilling ambitions will trigger investments into more comprehensive eLearning technologies, as opposed to micro learning and social learning approaches.
  • Recruiting solutions and services. Vendors of recruiting solutions and HCM suites with strong recruiting modules stand to benefit as do providers of talent acquisition services and recruiting agencies. Investing in such capability is almost mandatory, as the consequence of doing nothing and not being able to attract the required talent can be crippling for an organization.
  • Skills mapping, skills management, and skills matching solutions. Upskilling and reskilling is a fine remedy, however, an overview of existing skills and skill gaps are prerequisite to invest in learning. In order to progress, an organization first needs a map – a skills map – to navigate and target investments.
  • Temp staff providers, outsourced labor services. In some industries, such as healthcare and professional services, organizations will include contingent labor and external services as part of the solution to the lack of available labor resources.
  • Marketing solutions related to candidate marketing and employer branding. In this age, the employees do not come flocking around employers. Rather, it is the other way around. Employers must target potential applicants on social media and build databases with passive candidate pools, and target these effectively. This requires marketing technology, and this opens a new target market for vendors of such solutions.

Bo Lykkegaard - Associate VP for Software Research Europe - IDC

Analyst Profile
Bo Lykkegaard is associate vice president for the enterprise-software-related expertise centers in Europe. His team focuses on the $172 billion European software market, specifically on business applications, customer experience, business analytics, and artificial intelligence. Specific research areas include market analysis, competitive analysis, end-user case studies and surveys, thought leadership, and custom market models.