As the experts at Forrester Research set about predicting trends and developments for 2023, its global security and risk team has looked deeply into the cybersecurity crystal ball and discerned five trends.
Paul McKay, Vice President and Research Director, focuses on two of these trends in a blog post for Forrester’s European clients. Firstly, the estimation and assessment of risks is gaining in importance. This will manifest itself in companies increasingly establishing a CRO (Chief Revenue or Risk Officer) function, which will report directly to the CEO. In 44 percent of the companies polled in the AICPA’s “The State of Risk Oversight” survey, this management function already existed in 2022.
Secondly, McKay highlights that European organizations will damage employee trust by misusing software for monitoring employees. Such solutions have not proven particularly popular on the “old continent”, largely due to legal and regulatory requirements but also ethical values. However, managers have had concerns about productivity in this era of hybrid working scenarios and some feel a sense of unease about not knowing where their employees are located and what they are doing. As a result, Forrester observes that some European companies are starting to introduce productivity management tools, some of which intrusively record an employee’s every action. McKay predicts that at least one organization is bound to become overly zealous and destroy employee trust by misusing the technology, damaging their employer brand in the process.
Three more Forrester predictions sit behind the paywall and are accessible only to the analysts’ paying clients. They can, however, be discovered in an article by “VentureBeat”, which tends to focus on the more US-specific prognoses. According to the article, a lot of the bigger deals in 2023 may hinge on whether a provider can show they have cyber insurance or not. Providers are consequently faced with the challenge of achieving the required coverage at the most affordable price. At the same time, cyber insurers need to close the gaps in their offerings. As a result, Forrester expects insurers to intensify efforts to acquire MDR (Managed Detection and Response) providers over the coming year.
Post-exploitation kits such as Cobalt Strike, Metasploit, Mimikatz or Sliver are equally popular with hackers and security experts. However, according to Forrester, the providers of these kits exercise differing levels of due diligence over whether their code is used to carry out breaches or other illegal activities. That’s why the analysts are predicting that in 2023 at least one provider of offensive security tools will be sued by a company which has suffered losses.
Last, but not least, the experts anticipate that next year a Global 500 firm will be exposed by tech whistleblowers due to unacceptable working conditions for cybersecurity employees. In large part due to the chronic shortage of suitable employees on the labor market, the teams responsible for IT security tend to be understaffed and overextended. CISOs (Chief Information Security Officers) therefore constantly need to evaluate the potential for burnout amongst staff and take countermeasures if required.