The field of cybersecurity is rapidly changing. We spoke with a number of cybersecurity experts and industry leaders to find out the most critical cybersecurity trends to watch in 2023. Here are the top cybersecurity predictions for 2023 from the experts:
Cyber resilience will come from people—not technology
I believe that 2023 will be the year when enterprises recognize that they are only as secure and resilient as their people—not their technologies. Only by supporting initiatives that prioritize well-being, learning and development and regular crisis exercising can organizations better prepare for the future.
Bec McKeown, Director of Human Science
In 2023, organizations will focus on driving a positive digital employee experience (DEX) without compromising security. Not only do draconian security controls lead to bad DEX, but they also cause users to find workarounds, which on balance creates an overall less-secure IT estate.
Jason Keogh, Field CTO
The cybersecurity workforce shortage is no secret. In 2025, research says global openings will reach 3.5 million. So far that conversation has been theoretical – if anything, positioned as an opportunity for young professionals seeking a career in cybersecurity, which it is. But unfortunately, 2023 is the year we’ll see this all come to a head. I expect we’ll see a nationally significant attack in the U.S. that can be directly tied to a shortage of cybersecurity talent – either due to a mistake made by an overburdened employee, or an attack that overwhelms an understaffed team.
Marcin Kleczynski, CEO
Research has consistently shown that humans are still the most notable risk to cybersecurity, and this largely results from a lack of awareness, negligence, or inappropriate access controls. Training alone will not solve these problems, nor will attempts to turn everyone into a cybersecurity expert.
John McClurg, CISO
Cloud-native and Kubernetes projects become secure by default
Kubernetes offers many advantages but also poses unique security challenges that can be difficult to address for organizations lacking in Kubernetes talent and experience. However, Kubernetes clusters are not secure by default, and as threats become more advanced and mature it will be unrealistic to require developer teams to also be security experts. Deploying Kubernetes platforms with security built in by default will be recognized as a means to reduce the burden of security on IT teams. Keeping security and developer expertise separate will reduce the pressure and burnout on both sides.
Deepak Goel, CTO
As Istio becomes an integral part of organisations’ cloud-native stack of technologies (along with Kubernetes, all things open source), it will also become a key part of bolstering security within companies. We will see more government agencies and commercial organisations adopt Istio to strengthen zero-trust mandates within technology infrastructure.
Idit Levine, Founder and CEO
Cyber risk management will be a top priority for business leaders
As a result of this, in 2023, we will see companies double down on cyber risk management. Cyber risk governance is not just the domain of the CISO; it is now clearly a Director and Officer level concern. When it comes to cyber, plausible deniability is dead.
Karen Worstell, Senior Cybersecurity Strategist
Budget cuts, amid economic uncertainty, will leave companies vulnerable to cyberattacks
Once rumblings of economic uncertainty begin, wary CFOs will begin searching for areas of superfluous spending to cut in order to keep their company ahead of the game.
Jadee Hanson, CIO and CISO
The cybersecurity industry is historically resilient in tough economic times. On the cusp of a recession, this time won’t be any different. Recession or not, businesses are facing unprecedented volume and sophistication of threats, and the potential losses from cybersecurity threats aren’t going to go down, either; cybercrime cost the UK £27B in 2022, and that figure is likely to increase. Amid that backdrop, CIOs in the UK predict that the top area of increased investment (66%) will be cyber and information security during 2023.
Marcin Kleczynski, CEO
Cybercriminals will increase ransomware attacks on SMBs as prime targets in the wake of heightened geopolitical tensions, such as the War in Ukraine, and rising inflation in the UK and globally.
Tyler Moffitt, Security Analyst
Cyber insurance will become a core part of understanding cyber risk and building resiliency
I expect the volume of virtual-first business operations to increase in the year ahead. In turn, cyber insurers will need a deeper and more dynamic understanding of organizations’ cybersecurity risks and IT systems in order to reduce cyber risk and build resilience. By partnering with third-party cybersecurity solutions providers, insurers will gain greater risk insights and leverage these to set new expectations for potential policyholders and help raise their cyber posture.
Vincent Weafer, Chief Technology Officer
I expect to see more investment into quantifying cyber risk. This will drive better collaboration and data sharing between security companies. Cyber insurance carriers will lean into partnerships with technology companies to fuse security data with insurance and risk modeling insights. The net result is more accurate risk quantification, which will in turn help keep policyholders safer.
Jason Rebholz, CISO
Healthcare will continue to be top targets for cybercriminals in 2023
With telemedicine becoming the norm, ransomware and deepfake attacks on the healthcare industry will continue in 2023. As increased amounts of people turn to telehealth to connect with healthcare professionals, have prescriptions filled and file their healthcare records, the door for fraud is left wide open for attackers to strike.
Rick McElroy, Principal Cybersecurity Strategist
Software security still has significant holes
Today, software security still has significant holes, and a missed patch or single misconfiguration can open the door for a breach or hack.
Idit Levine, Founder and CEO
This will also be forced as more organisations implement Zero Trust.
Over the past year, organisations have been looking into secure architecture and trying to understand what it truly means. Essentially, Zero Trust is attribution access, but an idea which is now mature. As we move into 2023, senior decision-makers and security teams are discussing how they can achieve a granular approach in real time, and ultimately, they will come back to the issue of identity data management.
Wade Ellery, Solutions Architects and Senior Evangelist
Zero Trust security measures will only become more important. Zero Trust assumes that there is no longer a traditional network edge, and takes a more stringent, continuous, and dynamic approach to user authentication, but also does this seamlessly to avoid impacting the user experience.
John McClurg, CISO
As more and more organizations abandon their internally hosted data centers and migrate to the cloud, they will increasingly rely on zero-trust models to improve security and prevent lateral movement.
Christopher Prewitt, CTO
Government and industry will take steps to eradicate ransomware
With ransomware more pervasive than ever, industry and government will be forced to address the issue at its core. Ultimately, paying ransomware simply funds the activity, so the only way to eradicate ransomware is to stop the payment of it entirely. It is unlikely that any new legislation will be introduced in the next year, but we will certainly see discussions start to materialise about what this may look like and possibly the first iteration of this developed.
Adam Brady, Director, Systems Engineering, EMEA
Below are the detailed comments from the cybersecurity leaders, cybersecurity experts, industry leaders and industry experts on what will likely dominate the cybersecurity landscape in 2023 and beyond.
We expect more and more organizations looking to prioritize the consolidation of their security tooling by making the most out of their existing solutions for additional use cases or by leveraging platforms. Tool sprawl is impacting effectiveness of DevSecOps-focused programs, adding complexity and creating friction for developer adoption. Likewise, in today’s economic conditions there are obvious budgetary and operational advantages to using platforms vs. point solutions. Over the last few years, we’ve seen the evolution of application security methodologies from focusing on surfacing issues leveraging various types of scanning to new practices that place more importance on more efficient prioritization and remediation. We’re starting to see this same transition – from “audit” based security to “fixing” based security – in cloud security as well and we expect that this motion will intensify throughout 2023.
Organizational constraints in the uncertainty of 2023 will result in high-profile cyber incidents: Uncertainty is pervasive around the world, and it will provide an environment ripe for threat actors to exploit. In the current, rapidly changing economic and geopolitical climate, organizations are under increased pressure to do more with less, securing their business with similar or potentially fewer resources against the ever-increasing volume and severity of cyber attacks. A high-profile cyber attack will have even greater consequences to the victimized organization, as one major data breach threatens to cripple the entire business when organizations cannot afford any downtime. Cybersecurity incidents are expensive and can go on for years, including the cost of cleaning up after a breach, paying for incident response and forensic investigations, legal costs, changing security providers, through to notifying customers and regulators. In 2023, we will see even more high-profile incidents as a result of the increased pressure of organizational constraints in these times of uncertainty.
IT leaders themselves admit a lack of transparency in cyber incident reporting within their organisations, with more than half of respondents (55%) to a recent Keeper Security survey saying they’ve kept a cyberattack on their business a secret – an increase of 19% since 2021. In the year ahead, business leaders will prioritise fostering trust and transparency within their organisations, creating an open dialogue to recognise the scale of the cybersecurity challenges their organisations face. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into any organisation’s culture.
With the evolving threat landscape, more organisations will implement educational programs for their employees to mitigate cyber risk factors – taking every endpoint, system, database, and application seriously. In Keeper Security’s recent report exploring insights from UK IT leaders, the vast majority (79%) of IT professionals expressed concern about a breach from within their organisation, and 49% of those respondents have suffered a breach of that nature. Despite this, only 48% of respondents currently provide employees with guidance governing passwords and access management. This year, business and IT leaders will do more to educate teams and ensure everyone is following cybersecurity best practices.
“Each year, software and applications are only becoming a bigger part of our lives. As this demand for better digital experiences continues to grow, it is imperative that businesses remember that the need for better security increases alongside it. To achieve success in 2023, businesses will need to set out on the right foot from the beginning and ensure their security strategy is considered from the first line of code.
If we have learnt anything from 2022, it is that no organisation is immune to cyber threats. Fortunately, however, we are seeing proactive new steps to help prevent risk, with the likes of the European Cyber Resilience Act (ECRA) and Digital Markets Act (DMA) both coming into play in the last year. This, coupled with the increased demand for better digital experiences, seems to have reenergised the investment and prioritisation of cybersecurity by businesses. Many professionals expect further laws to be introduced in the coming years and want to get ahead of anticipated mandates by investing in better security practices and emerging technologies, such as automated, machine learning-driven remediation.
While we are seeing positive steps in the right direction as we enter 2023, it would be naive to think that we can ease up and pat ourselves on the back. Security is neither a tick-box exercise nor an end goal, but rather an ever-evolving journey. Now, more than ever, we should be ensuring that security is pervasive not invasive. Then, hopefully we’ll be able to reach a place where businesses truly have an always-on understanding and active role in mitigating cyber risk before disruption can occur.”
“Financial services organisations of all sizes have seen digital interactions and call volumes rise over the last two years. Like all brands, banks must offer great customer experiences to remain competitive. But the nature of their business means security must always be a top priority. Traditionally, adding security meant adding friction to the customer and agent experience, so financial institutions will prioritise investments in technologies that strengthen security and CX simultaneously.
“Traditional authentication methods – such as PINs and passwords – are archaic and no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of recovery if lost or stolen.
“In 2023, an increasing number of banks will turn to modern technologies – such as biometrics – to robustly safeguard customers. We’re already seeing banks get immense value—including 92% reductions in fraud losses and 85% increases in customer satisfaction—from biometrics solutions that eliminate authentication effort for customers while making life very tough indeed for fraudsters. Over the next 12 months, I expect to see many more financial services organisations following in their footsteps.”