From a sharp rise in attention to the effectiveness of corporate cyber security programs to the growing impact of the recession on budgets, we lay out our 2023 cyber security performance management predictions.
In 2023, CISOs will need to be more creative than ever before as strong cyber security management has become more urgent, more transversal, and more expensive compared to previous years. A big part of the equation today is the increased scrutiny over the CISO offices’ performance versus transparency and regulatory accountability, evidenced by recent court cases.
As the risks and consequences of cyber attacks continue to snowball, more governments and regulatory bodies will put in place stricter and more complex regulations. This will translate to an even faster evolution in CISO responsibilities, often with a powerful impact on both the CISO office and the wider company resources, rendering up-to-date cyber security performance metrics more relevant and useful than ever.
Another critical part of the equation is the macroeconomic environment. There is an increased risk of global recession, with uncertainty on where the financial world will trend. The Covid-19 pandemic delivered a massive blow to many industries. We can even say that as the pandemic picked up pace, the high-tech sector’s role shifted from disrupting other industries to providing the means to stabilize them.
The growing cyber security challenge
For cyber security, Covid-19 translated to brand-new entry points, leading to more frequent and larger scale attacks on businesses and government infrastructure, expediting the need for a much more sophisticated and faster response and recovery approach. These challenges coincided with the Great Resignation and growing talent shortages, adding to CISOs’ already high stress levels.
While economic recovery efforts are underway, new international developments such as the Russia-Ukraine conflict are aggravating the macroeconomic situation further. They are also ushering in a brand-new era in cyberwarfare - one that is faster, dirtier, and more relentless.
3 trends that will impact cyber security in 2023
Shift from procurement to rationalization
In 2023, we predict new budget cuts that will affect CISOs and the security organization. Boards and executive leadership are likely to demand a higher ROI and a stronger justification of cyber security program spending. As such, CISOs will need to review and prioritize their security program goals, budgets, and human capital needs while meeting budgetary goals and achieving improved performance. They will want to be able to quickly and effectively answer:
- Which controls do we have?
- Which are we missing?
- What capabilities have duplicates and which ones can we consolidate?
New attack models to gain traction
Undoubtedly, we will see more attacks in 2023 - in scope, size, and variety. Hackers will evolve with the new times and opt for simpler and more efficient ways to break into networks. The upward trend in ransomware attacks is likely to continue as the Ransomware as a Service (RaaS) model – an adaptation of the Software as a Service (SaaS) business model – has virtually eliminated the technical barriers to entry and made it incredibly easy to execute attacks with “off-the-shelf” tools.
Another growing concern is supply chain security. As the number of cyber attacks that originate from third-party suppliers continues to rise, we expect to see more organizations prioritize supply chain security and implement measures to protect against these types of attacks.
CISOs will need to answer questions such as:
- How prepared are we against a ransomware/supply chain attack?
- What is the impact of changes in our organization on our level of readiness?
- Which critical gaps can be addressed quickly to improve our readiness?
Consolidation trend to intensify
Mature metrics practices will continue to sweep across different business areas. For cyber security, this will translate to an even stronger capability consolidation trend in 2023. Fueled by a strong desire to understand better and make smarter decisions – as opposed to a rush to simplify things – the consolidation trend is driven by comprehensive data across all security programs around what’s working, what’s trending, and what needs to be improved (a 2022 Gartner survey showed that 75% of organizations pursued security vendor consolidation, up from 29% in 2020).
With performance management consolidated using the right metrics, CISOs will be able to answer questions such as:
- Are our security policies being enforced?
- How well?
- Which changes will make the most significant impact?
In the next twelve months, we predict the automated SeeMetrics cyber security management platform will be at the center of the equation. It will support open and transparent communication among stakeholders, with metrics that answer common questions such as the above.
While 2023 will bring a whole set of challenges, it will also bring solutions. With SeeMetrics, CISOs will be able to streamline the immense responsibilities and burdens they have, including rationalizing their security stack, optimizing the management of their security organization, and easily communicating budgetary needs and justifications to other stakeholders.