High-profile cyberattacks, data breaches, and ransomware attacks have dominated the headlines over the past year or so, causing organizations all around the world to review their cybersecurity strategies. Gartner has released its top eight cybersecurity predictions for 2022-23 that can help keep your business safe from cyberattacks. This write-up shares the highlights from Gartner’s report.
Gartner's cybersecurity predictions reveal that executive evaluations will become increasingly linked to managing cyber risk, and almost 33% of nations will regulate ransomware response within the next three years. Security platform consolidation is expected to help organizations thrive in harsh environments. The predictions will help security and risk management leaders in the digital era.
Cybersecurity leaders can build the following strategic planning assumptions into their security strategies for the next two years.
- Government regulations requiring organizations to provide consumer privacy rights are expected to cover 5 billion citizens and over 70% of global GDP through 2023: Privacy regulations continue to expand, and it is recommended that organizations track subject rights request metrics to identify inefficiencies and justify accelerated automation.
- By 2025, 80% of enterprises will be adopting a strategy to unify web, cloud services, and private application access using a single vendor’s Security Service Edge platform: Considering the growing hybrid/multicloud adoption, single-vendor solutions can offer more significant operational efficiency and security effectiveness than best-of-breed solutions, leading to tighter integration, fewer consoles, and fewer locations where data must be decrypted, inspected and re-encrypted.
- By 2025, 60% of organizations will embrace Zero Trust as a starting point whereas more than half will fail to realize the benefits: Zero trust is becoming prevalent in security vendor marketing and security guidance from governments. Zero trust is both a security principle and an organizational vision and requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits.
- Cybersecurity risk will be the primary determinant in conducting third-party transactions and business engagements by 2025 for 60% of organizations: Currently, only 23% of security and risk leaders are monitoring third parties in real-time for cybersecurity exposure. Due to consumer concerns and interest from regulators, it is expected that organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties.
- By 2025, 30% of nation states will pass legislation that will regulate ransomware payments, fines, and negotiations: Modern ransomware gangs steal and encrypt data. As the decision to pay the ransom or not is a business-level decision, it is recommended to engage a professional incident response team, law enforcement, and any regulatory body before negotiating.
- Threat actors will have weaponized operational technology environments successfully by 2025 to cause human casualties: As attacks on hardware and software that monitor and control equipment, assets and processes have become more common, it is recommended that security and risk management leaders in operational environments be more concerned about real-world hazards to humans and the environment than about information theft.
- 70% of CEOs will mandate a culture of organizational resilience by 2025 for surviving coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities: The inability of traditional business continuity management planning to support the organization’s response to a large-scale disruption during the pandemic indicates the need for risk leaders to recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy.
- By 2026, performance requirements related to risk will be built into the employment contracts of 50% of C-level executives: Most boards now consider cybersecurity a business risk rather than just a technical IT problem. Hence, it is expected that formal accountability for the treatment of cyber risks will shift from the security leader to senior business leaders.