Last year, our predictions for 2021 focused on ransomware, COVID scams, and employee burnout, among others. In hindsight, most of those predictions not only came true, but are still issues for 2022. This year, we want to tailor our predictions to be more specific to what CISOs should be prepared for. While we will still see widespread phishing attacks and security loopholes in cloud-based services, the following predictions describe what CISOs can do to prepare for the next year of predictable—yet often not protected against—trends. By describing and detailing what to expect in 2022, companies should have a good grasp of where they generally need to beef up their defenses, mitigate cyber risk, and prepare for the year to come. As always, your industry, locality, threats, budget, and risk appetite will dictate the specific areas on which to focus attention.
1. Increased cooperation between the C-suite, board, and security teams
In an increasingly digital world, it is of utmost importance to maintain a secure environment, which makes it critical that there is a coordinated effort between the board and security teams to promote good cyber outcomes. Instead of having a formal report created by a head of IT—or an outsourced company—it will be commonplace to see companies create a process to keep advisors involved in the security team’s strategic security initiatives. For years there has been an understandable tension between security leaders and corporate boards working towards an equilibrium. It is understandable because cybersecurity is a relatively new practice in business compared to financial management, which has a well-defined and established linkage to the overall health of the business. Being able to communicate effectively and efficiently how cybersecurity spending and performance support the business and translate to risk and the bottom line continues to elude many organizations. The data is clear: cyber spend is higher than ever, yet so are the number of attacks and incidents.
If you would like more info on this subject, stay tuned, because we are going to be publishing a whitepaper on this topic.
2. The cyber insurance industry will continue to grow, and so will premiums
Even before the COVID-19 pandemic, the changing environment of data storage and cloud coverage was accompanied by rapid growth in cyber insurance. In Q1 of 2020, when companies and governments mandated telework and other remote arrangements, the once straightforward cyber insurance market had to pivot to adjust to new demands and coverage. The umbrella of cyber insurance now covers more than just data breaches—ransomware attacks, malware incidents, and phishing—and will continue to expand into new frontiers as cyber criminals find new ways to infiltrate a company’s IT infrastructure.
In the face of increasing cyber threats over the past few years, demand for cyber insurance coverage has shot up after strings of high-profile data breaches cost businesses millions of dollars. A significant contributor to recent trends in cyber insurance pricing is the surge in ransomware attacks. Over the last year, security researchers have found that ransomware attacks increased by over 150% and resulted in a string of high-profile attacks against government agencies, critical infrastructure, and private businesses. The research also indicates a drastic increase in the average ransomware payment by victims, to the tune of a 290% increase according to a report published by the Howden Group. This means that we are seeing a rise in both the frequency and the severity of ransomware attacks on consumers, businesses, and public entities alike, which will result in more cyber insurance claims.
3. Privacy laws and standards will continue to have a big impact on security teams
On January 1st, 2020, California became the first state to put a consumer data privacy act into effect and begin regulating under it. More than a dozen additional states have followed suit—requiring businesses to implement more reasonable security measures to safeguard their customers’ data.
In addition, the recent executive order signed by President Biden pushes for greater collaboration between federal agencies and private companies on cyber threats. The executive order will primarily do two things: change the policy on current cyber threat reporting and assessment, and remove barriers to sharing threat information between the private and public sectors.
4. Business application mesh and cross-platform app sharing will create additional security gaps
The number of cloud services and app integrations has skyrocketed in the last few years, let alone the last decade, and the move to third-party APIs will only continue to grow. More hands in the pot of cloud-based data create more avenues for bad actors to gain access to restricted data. If one company is breached and has an integration with another cloud-based service, then without proper safeguards this could provide attackers with the ability to pivot into other networks. With that being said, companies may have to reconsider their use of integrations with other apps if they do not fully trust the IT security of those providers.
5. AI and machine learning will help beef up defenses
The sheer number of attempted cyber-attacks on websites this past year creates a tremendous body of data for automation and machine learning to understand just how these attacks unfold from start to finish. Instead of looking at a couple of events that may have occurred at one company, it is imperative that companies look at the bigger picture and see how other industries are dealing with and fighting current attacks.
6. Outsourcing IT “all-in-one” prebuilt solutions will become even more popular
Many high-quality software companies (Zoom, Salesforce, HubSpot) already deliver their apps and integrations without ever needing to set foot in a company’s workspace or network. Just as these software companies have been able to provide low-cost SaaS, we may see IT companies start offering a complete all-in-one package of IT-related products. Defense.com presents a good example of scaling to different-sized companies—from small business to enterprise editions. The convenience of an all-in-one solution at less cost than internal IT staff will be highly sought after. With the rise in companies increasing their IT security, this business avenue might boom in 2022.
7. 2022 will see the highest amount of money ever paid in ransoms for data breaches
It is as simple as this: with the increase in the sheer number of cyber-attacks occurring year over year, ransoms will increase—in how many are paid and for how much—in the same fashion. The average cost of a data breach increased from $3.86 million to $4.24 million in 2021 alone. A similar increase is expected, if not largely surpassed, this year.