Consumer Privacy, Corporate Risks and More

erma erma
Risk Management Article
December 20, 2022

Consumer Privacy, Corporate Risks and More

Cyberattacks will hurt a business’s ability to run even more in the future if it doesn’t treat cybersecurity as a business investment.
The top eight cybersecurity forecasts made by Gartner convey this message to CISOs, CIOs, and other executives in security and risk management throughout the globe. As much as remote work, hybrid cloud integration, and digital transformation projects continue to strain IT and cybersecurity teams, this fact serves as a sobering reminder that the threat landscape is evolving faster than most organizations can respond.

What does the forecast indicate?

Gartner’s top eight cybersecurity predictions warn organizations that they need to be more resistant to cyberattacks to lessen their effects. Reducing the explosion radius of larger, perhaps more lethal strikes is essential.

The predictions imply that companies shouldn’t just worry about ransomware or any other type of cyberattack that is currently popular. Instead, companies are advised to prioritize cybersecurity investments as a key part of risk management and see them as investments in their business. According to Gartner’s projections, by 2025, sixty percent of enterprises would consider cybersecurity risk as the major decision for third-party transactions and business partnerships.

It is essential to increase resilience across every threat surface. For example, while Gartner only talks about zero-trust network access (ZTNA) in one of the eight predictions, most of the predictions cover its main ideas and benefits. The predictions also say that spending money on preventive controls is not enough and that resilience needs to be given a much higher priority. This is because threat surfaces expand quicker than many businesses can detect and guard against them.

By 2025, 80% of organizations are expected to unify their web, cloud, and private application access via a single vendor’s secured service edge (SSE) platform. One of the fundamental technologies powering SSE systems is ZTNA.

Gartner’s top eight cybersecurity predictions for 2022-2023 are as follows:

  1. Government legislation mandating firms to provide consumer privacy rights will cover 5 billion persons and more than 70% of global GDP by 2023. Last year, approximately 3 billion people in 50 nations had consumer privacy rights, and worldwide privacy legislation is expanding. Gartner recommends that companies keep track of subject rights request metrics, such as the cost per request and the time it takes to fulfill it, to find inefficiencies and justify the need for faster automation.
  2. By 2025, 80% of organizations will use a single SSE platform to combine web, cloud, and private application access. The convergence of the web, cloud services, and private apps is already a widely-discussed topic. Mergers and acquisitions are driving stand-alone ZTNA suppliers to integrate into SSE and SASE systems.
  3. By 2025, sixty percent of enterprises will adopt zero trust as a starting point for security. More than fifty percent will not grasp the benefits. In addition to identity access management (IAM) and privileged access management (PAM) issues in enterprises today, Gartner’s pessimism reflects how difficult it has become for organizations to safeguard the exponentially increasing number of machine identities they’re generating.
  4. By 2025, sixty percent of enterprises will consider cybersecurity risk as their major criterion for third-party transactions and business collaborations. This forecast suggests that cybersecurity must be emphasized as a company expenditure, with an emphasis on minimizing operating risk. The fact that only 23% of security and risk leaders are monitoring the threat posed by third parties, despite Gartner’s observation that cyberattacks directed at third parties are on the rise, demonstrates how large of a window of opportunity this opens up for attackers. Gartner predicts that within three years, risk assessments will need to be done before contracts are signed with third-party companies. This is a sure sign that cybersecurity will be a big part of how businesses run.
  5. By 2025, 30% of nation-states, up from less than 1% in 2021, will have laws that regulate ransomware payments, fines, and negotiations. Today, French cybersecurity insurance businesses refuse to pay ransoms for ransomware attacks on their clients. Gartner thinks nation-states will control ransomware payments like the French cyber insurer. This forecast also demonstrates the increasing importance of risk management, deterrence, and resilience as business decisions.
  6. By 2025, adversaries will have successfully weaponized operational technology settings to cause human deaths. Unfortunately, air gaps aren’t enough to defend energy, oil, gas, and processing refineries and manufacturing centres that use industrial control systems (ICS) without cyberattack protection. Thus, it’s hardly surprising that 46% of known operational technology (OT) cyber threats are poorly identified or not detected.
  7. By 2025, 70% of CEOs will require a culture of organizational resilience to deal with threats from cybercrime, severe weather, civil unrest, and political instability. Another forecast reveals that CEOs view cybersecurity as a risk management issue rather than an IT issue. Even though a rethinking of the cybersecurity technology stack is required for more severe threats and risks, the focus of Gartner’s inquiry calls must be on countering the most common cyberattack techniques for a given month or time. Gartner’s emphasis on resilience indicates that, when it comes to cybersecurity, its customers prefer band-aid solutions to pressing problems rather than comprehensive technology overhauls.
  8. By 2026, 50% of C-level executives will have risk-related performance obligations in their contracts. Over three years ago, forward-thinking boards began holding CEOs accountable for ESG activities. CIOs are paid based on how much their departments decrease revenue barriers and, most crucially, how well they serve sales to increase revenue. CIOs and CISOs require risk management skills like CEOs need ESG skills. This prediction has been backed up by more and more evidence for years.
Resilience in technological stacks

The eight cybersecurity forecasts can help chief information officers and chief security officers assess their progress toward building resilience and redefining their technology stacks to counteract emerging threats. When CISOs are paid for risk management, cybersecurity becomes a business choice. That is a positive step toward recognizing resilience as a basic company characteristic to be enhanced.