Forbes: Six Cybersecurity Predictions As Organizations Plan For 2023

The C-suite and the board can no longer ignore the business risks introduced by cyber threats and vulnerabilities. Let's explore six important cybersecurity considerations against the backdrop of an expected recession. Despite expected economic headwinds, organizations cannot afford to allow cyber risk and associated cyber investments to slow down. Focusing on solutions to these six challenges can help leaders ensure they're positioned for recession resilience.

Cyberattackers will capitalize on a recession.

In an undeserving nod to threat actors, they tend to be resourceful and opportunistic as they capitalize on vulnerable moments in time. Ongoing economic uncertainty may lead some businesses to consider cutting budgets, including funding for their information security. That should be seriously reconsidered—it's the functional equivalent of locking only some of your home doors at night while there is a documented increase in neighborhood burglaries. Cyber defenders need to be right all the time, while attackers only need to be right once. Don't cripple your cyber defenses by cutting resources when you probably need them the most.

Increasing regulation and/or legislation will stress organizations.

Depending on how you look at it, there is good news and bad news on this front. The good news is that, in the U.S., both political parties seem to agree that something needs to be done on the cyber front. That said, implementing these kinds of changes is not often easy. Organizations should expect upcoming changes across regulatory, compliance and legislative policies. While the resulting burden for organizations will likely be palpable, the measures should enhance organizations' collective cyber defensive postures—which is beneficial at a macro level.

Slowing venture capital will prune the cyber landscape.

While startups were previously flush with venture capital cash, we can expect the funding firehose to slow down in the face of these sustained economic headwinds. We've seen significant layoffs in the industry, while firms are beginning to secure funding through debt versus equity. Less accessible funding can also lead to more M&A activity. Google's $5.4 billion acquisition of Mandiant was one of the biggest deals in 2022 and could be indicative of more M&A activity ahead in the cybersecurity landscape.

Cyber insurance is no longer the sole backstop.

Many organizations have previously viewed cyber insurance as an adequate (perhaps the only) safeguard against cyberattacks. However, with the economics increasingly upside down for underwriters, expect cyber policies to no longer be freely written. CNBC notes that costly data breaches, ransomware and other security attacks are also behind an increased cyber insurance policy cost trend, with the average premium increasing by 28% in the first quarter of 2022 compared with the fourth quarter of 2021.
As rates rise while coverage falls, organizations with low cyber maturity may find cyber insurance to be cost-prohibitive—or even find themselves uninsurable.

API security accelerates into the hype cycle.

While it's overdue, 2023 could be the year that application programming interface (API) security sees more traction. VentureBeat notes that the growing number of APIs within and between corporate infrastructures has made API security one of the biggest challenges for CIOs today. Conversely, it also means that APIs are a growing target for cyberattackers. Consider promoting API security on your organization's security roadmap. Otherwise, it could be the Achilles' heel that provides attackers with unfettered access to your sensitive data.

Zero trust will become a household name as a cybersecurity model.

Zero trust is a relatively new security paradigm that evolves classic "castle-and-moat" perimeter security models to a more granular "never trust, always verify" model. Zero trust defines a vision for holistic identity-centric security across networks, data and applications. While the details of implementing zero-trust principles can seem daunting at first, it is a sound approach to securing networks in the near future.
The value of zero trust has been seen even at the federal government level, as the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) are working to move the U.S. government toward a zero-trust architecture. In fact, the Department of Defense (DOD) released its Zero Trust Strategy and Roadmap in November 2022, which goes into detail on how the department will implement zero trust to achieve a stronger cybersecurity posture over the next five years.

Each new year provides an opportunity for learning, reflecting and optimistically preparing for the year ahead. This year has proved no different. Geopolitical events proved how cyberspace is a global tool that can be used for good and evil. It should be acknowledged as the business risk it is in 2023 and beyond. One thing is for certain: As long as the odds continue to be in the favor of threat actors, expect successful cyberattacks to continue to make headline news.
 

This article first appeared in Forbes.