Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.
The cybersecurity and risk privacy landscape is changing fast. Many analysts’ cybersecurity predictions for 2023 suggest that organizations aren’t just having to optimize existing processes to combat threat actors, they’re also having to reevaluate how they approach cybersecurity as a whole.
Recently, Forrester analysts shared some of their top cybersecurity predictions for 2023 with VentureBeat. These highlight that there is a cultural shift taking place in how organizations manage risk and privacy concerns.
Some of the most shocking predictions made by Forrester analysts include: cybersecurity employees turning into whistleblowers in response to burnout; C-level execs coming under fire for using employee monitoring; and more cyber insurance providers making the jump into the MDR market.
Below is an edited transcript of their responses.
Intelligent Security Summit
Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.
More than 50% of chief risk officers (CROs) will report directly to the CEO
“As firms embrace innovation and digital strategies, they now also face unprecedented change from systematic risk forces, evolving regulatory landscape, supply chains still in chaos, and a shift in customer expectations.
As firms expand their risk management strategies to include new sources of risk, and shift their center of gravity to include non-financial risks, the role of chief risk officer (CRO) is emerging as critical, even among non-financial firms.
But it’s not enough for today’s CROs to protect against the downside of risk (that is, compliance, insurance). As risk management gets more attention and gains prominence internally, CROs are being tasked with finding opportunities for growth.
In this capacity, risk management is not a ‘cost of doing business’ but an opportunity to ‘do more business.’ This creates a shift in reporting structure, with more CROs reporting directly to the CEO.”
— Forrester senior analyst Alla Valente
A C-level executive will be fired for their firm’s use of employee monitoring
“With the rise of remote and anywhere work options, some employers are turning to technologies for electronic monitoring of employees. Companies must prioritize privacy rights and employee experience if implementing any monitoring technology, whether it’s for tracking employee productivity, enabling a return-to-office strategy, or addressing concerns of insider risk.
“It’s a business initiative that companies must be very careful with in planning and implementation, because there are many opportunities for disaster from a regulatory and workforce perspective.
“Monitoring efforts can violate data protection laws like [the] GDPR, as well as newly enacted laws in New York and Ontario, Canada that are specifically related to employee monitoring. In 2023, we can expect more lawmaker attention on issues of workplace surveillance, like the accountability bill proposed in California.
“We are also likely to see more employee protests, as well as labor union strikes and organizing in response to monitoring efforts seen as intrusive and an overreach from employers.”
— Forrester principal analyst Heidi Shey
Expect three cyber insurers to acquire MDR providers
“Cyber insurers will move aggressively into the MDR segment, calculating that it’s better to provide detection and response services for the clients they insure, rather than relying on the clients to do it themselves. This will continue the trend kicked off by Acrisure in 2022.
“MDR acquisitions give insurers: 1) high-value data about attacker activity to refine underwriting guidelines; 2) unparalleled visibility into policyholder environments; and 3) the ability to verify attestations.
“Security leaders buying MDR from an insurer should factor in how the insurer will make use of telemetry in underwriting — which will likely not go in the buyer’s favor; whether they think the insurer will invest in delivering cybersecurity services like MDR; and if they think their insurer can help them stop active attacks in process.”
— Forrester VP principal analyst Jeff Pollard
“Security professionals and attackers alike use post-exploitation kits like Cobalt Strike, Metasploit, Mimikatz and many others. Some providers share disclosures or include a due-diligence process for sales to ensure customers are not using the technology for harm.
“As more of these tools crop up, enterprises and governments will pressure providers to ensure tools don’t get into the wrong hands, which will affect how these tools are created and shared.
“In 2023, this will lead to litigation against a provider, which may establish precedent for other software products to be caught in the crossfire, specially as tensions build over third-party breaches. Mitigate your exposure by securing what you sell as part of your cybersecurity program.”
— Forrester senior analyst Allie Mellen
A Global 500 firm will be exposed for burning out its cybersecurity employees
“Weaknesses in cyber defenses have the opportunity to impact society at mass levels. The teams at the heart of these defenses are understaffed and burning out. A 2022 study finds that 66% of security team members experience significant stress at work, and 64% have had work stress impact their mental health.
“Similar findings were reported for incident responders, who work more than 12-hour days in the first week of an incident. Burnout extends well beyond mental health, resulting in attrition health risks and even death.
“In a critical national infrastructure study, 57% of security directors cited burnout as a top reason for leaving [the] profession. Additionally, a WHO study shows that those who work 55 hours a week have a 35% higher risk for strokes. And in 2022, there have been burnout-related deaths of tech employees in Australia and China.
“In 2023 a security employee will come forward about unsafe working conditions following a line of tech whistleblowers. Evaluate and address the inputs to burnout, provide physically and psychologically safe environments, and support security teams with the tools, processes and budgets they need to do their jobs.”
— Forrester VP and principal analyst Jinan Budge