6 Cybersecurity Trends That Will Impact Businesses in 2023

If 2022 has taught companies anything, it’s that effective information and cyber security are now essential to business success.

The headlines have been awash with stories of data breaches and attacks caused by poor, unclear or even a complete lack of information and data security management processes. The result? Significant financial losses, reputational damage, and hefty fines from regulatory bodies for the impacted organisation and, in some cases, their suppliers.

In response to the increase in cyber threats, laws governing cybersecurity practices, such as HIPAA in the U.S., GDPR in Europe and The Privacy Act in Australia, are making it clear that organisations must be able to demonstrate information and data security best practices and effective implementation across all aspects of their business.

So, given where we are now, what exactly does 2023 have in store for companies? We’ve looked at six key trends we think will dominate the information and cyber security landscape in 2023 and broken them down below.

Trend 1: A Privacy-First Approach to Information Security

In 2023 we expect to see the compliance landscape being led by privacy rather than information security, which is how it has traditionally been for the last ten years.

The growing amount of privacy legislation is driving the conversations businesses and governments are having about achieving information security, rather than the other way around. Multiple countries adopting stricter data privacy regulations will shift the conversations even further towards a privacy-first approach out of necessity.

The platforms that dominate our data in the digital age have already started stepping up their privacy-first policies in a big way: Google is ending the 3rd party cookie in 2023 and moving to a privacy sandbox, which, whilst still not a perfect solution, is undoubtedly a huge step forward. Apple has included privacy protection features since App Tracking Transparency in iOS 14.5.

Another driver for a privacy-first approach will be the requirement for adequacy with the EU GDPR. If organisations want to work with the EU, they must show adequacy with, if not direct conformity with, the regulation. Localised data privacy regulations specific to other countries outside the EU will also start driving this approach while creating a global compliance landscape that is becoming increasingly complex and extensive.

As the demand for privacy increases, so do the consequences of violating privacy. Not only are there fines from new laws, but brand perception and trust are at risk every time confidentiality gets broken. Therefore, brands that can demonstrate a privacy-first approach to their information management will immediately set themselves apart from their competitors and position themselves as trusted organisations which will only benefit the financial bottom line.

We expect organisations to look to frameworks such as ISO 27001 and ISO 27701 to help achieve privacy-first information security. These frameworks set clear expectations for building confidentiality, integrity and availability of user data and empower businesses to embed strong information security management behaviours.

Trend 2: A Global Harmonisation of Information, Privacy & Data Regulation

2023 will see a push towards global harmonisation of information and data privacy regulations. Aligning and harmonising regulations globally will improve security, particularly regarding data protection, innovation and interoperability, and cost.

For businesses wanting to operate globally or outside their geographic borders, trying to comply with multiple differing and, in some instances, increasingly divergent regulations and frameworks creates huge workloads and, because of this heightened level of complexity, doesn’t necessarily improve data privacy or security.

Harmonising security frameworks will empower better information and data privacy for all organisations and governments and enable global trade and business rather than inhibit it. Consistent application of data protection methods and procedures reduces risk and builds trust across borders and supply chains.

In addition, data duplication is minimised by having fewer national data residency laws – less data proliferation means a lower risk of data compromise. And, at the same time, interoperable architectures enable and facilitate privacy and security by design, a fundamental requirement for effective information security.

Trend 3: A Passwordless Future Ahead

Whilst not a new idea, the growing consensus is that the only answer to phishing is moving to a passwordless approach to access management, enabling a fundamental shift to phishing-resistant authentication. We expect to see this rise in popularity in 2023.

Passwordless security frameworks offer a real opportunity to tackle the scourge of phishing while providing better security, privacy, scalability, and convenience. Adopting a passwordless approach benefits both enterprises and customers. It strengthens organisational security by eliminating the risk of password breaches and credential stuffing attacks and improves the user experience. This approach lets people effortlessly and quickly access services, as they don’t have to spend hours resetting forgotten usernames and passwords.

While the benefits of passwordless authentication are significant, it isn’t entirely without risk, so we also expect to see this adopted whilst using a zero-trust model, identity access management practices and robust security controls. This will make passwordless authentication smoother and more secure for organisations.

Trend 4: The Supply Chain Problem Persists

We expect to see the supply chain increasingly leveraged by cybercriminals not just for financial gain but also as a political attack vector, specifically within critical national infrastructure. Sectors such as healthcare, energy, finance, and transport will become ever more attractive targets, meaning that the supply chain problem presents a significant threat to life, as well as information security and data privacy challenges.

The threats introduced into the supply chain continue to evolve in complexity, scale, and frequency. You only have to look at the headlines from the last few months, with Medibank, DSB and Chase UK all suffering significant cyber attacks within their supply chains, to see that without robust information and data security strategies, this issue will persist into 2023.

Organisations must continue maturing their supply chain security and risk management capabilities to successfully defend against this cybersecurity attack vector. Businesses will also be under significant pressure reputationally to demonstrate their security posture in this space to retain and win clients.

One of the most robust tools available to organisations is an information security management system and information security framework to establish solid foundations for reviewing and ensuring information and cyber security within their supply chain.

Trend 5: Internet of Things Risk Landscape Intensifies

Gartner estimate that by the end of 2023, there will be three times more IoT devices than humans. By 2025 an average connected human will interact with an IoT device every 18 seconds, and every one of these interactions will need to be secured appropriately.

The IoT sector has been consistently growing over the last decade and this will continue into next year, increasing cyber risk for organisations. Some mitigation within IoT will be achieved by new regulations, such as the EU Cyber Resilience Act, which will introduce mandatory cybersecurity requirements for products sold in the region; however, the law won’t have authority until 2025 at the earliest.

Businesses should focus on connected device cyber practices by establishing or updating related information security policies and procedures. Furthermore, companies will need to update inventories of their IoT-connected devices while monitoring and patching devices more closely to secure those endpoints further, manage vulnerabilities, and respond to incidents.

Trend 6: Creative Approaches to Managing the Cybersecurity Skills Gap

The cybersecurity skills shortage presents significant challenges to organisations attempting to stay ahead of the cyber risk landscape. We expect organisations to focus on hiring and retaining niche cyber talent along with outsourcing strategies to remain agile and optimise operational processes in 2023.

The current skills gap is estimated at 3.4 million according to the 2022 (ISC)² Cybersecurity Workforce Study. Securing the teams necessary to tackle the growing information security threat landscape will require a creative approach.

Recruiting talent within cybersecurity is possible, but companies must consider looking beyond degrees and technical training to secure talent in the sector. And once recruited, organisations must develop and train existing employees as an ongoing process. This will reduce staff churn and promote the learning culture essential to mitigating cyber risk.

Outsourcing will likely be more integral in organisational cybersecurity strategies, partnering with external companies or individuals with specific expertise that supplement existing internal capability to elevate their cybersecurity risk profile. This approach would also reduce pressure on internal teams during crunch periods and empower upskilling by providing time and headspace to develop new skills.

Strengthen Your Information and Privacy Security Posture Today

If you’re looking to start your journey to better information security and data privacy management, we can help.

Our ISMS solution enables a simple, secure, and sustainable approach to information management with ISO 27001, NIST and other frameworks. It offers additional modules including supply chain security, risk management, and people compliance assurance that can be quickly adopted, adapted, and added to over time to achieve successful cybersecurity and better adoption of secure behaviours within your organisation. Unlock your competitive advantage today.
