What is on the horizon for cybersecurity in 2023?

Now that we’ve closed the door on 2022, we can apply key lessons from the year as we prepare for another undoubtedly eventful year in cybersecurity. For many, last year was a case of 'business as normal’ with organisations seeing a return or partial return to the physical office, but familiar threat vectors were accompanied by new challenges, such as increasingly complex digital landscapes and geopolitical tensions. 

However, for the first time in a long while, we witnessed positive developments in the space, including improved cybersecurity education for end-users and the adoption of IT Security protection by smaller organisations. As we refine our security programmes to tackle 2023’s challenges, here are five cybersecurity predictions for the year ahead, with insight on how to improve your cyber preparedness.

READ MORE: Protecting your assets from cyber attack with Egnyte  

Investment in cybersecurity will continue to increase 

Cybersecurity is finally being viewed as a strategic investment rather than a budgetary line-item. While cybersecurity budgets might be tighter as the economy changes, I still anticipate an upward trend in 2023 and beyond. For example, in an informal poll of more than 150 webinar attendees on 31 January 2023, 52% of poll respondents stated that their cybersecurity budgets will increase in 2023, with another significant percentage (35%) stating that their budgets will remain the same.  

By following effective cybersecurity practices like the implementation of ongoing, company-wide cybersecurity training, maximising endpoint security, and limiting access to data on a ‘business need to know’ basis, organisations can alleviate downtime and improve employee productivity. Over the long haul, cyberattack prevention is almost always less expensive than passively waiting for an attack to occur. At a time when businesses are managing expanding data volumes, cybersecurity must be an always-on company priority. 

Greater attention will be paid to incident response planning and execution 

In the past several years, major data breaches and ransomware attacks have had a profound impact on organisations across the board, from financial implications to brand reputational damage. In 2023, I anticipate the increased involvement of executive and corporate communications teams when it comes to responding to cyber threats. A formal incident response plan must be in place for executive management to refer to immediately in the event of a breach, and it needs to be systematically practised via tabletop exercises before an attack occurs. Customers, employees, and business partners also need routine recovery updates to discourage negative posts on public platforms like social media and user feedback forums. 

READ MORE: Egnyte urges SMEs to boost their content security

Cyber insurance premium management will become a business requirement 

While pricing in the cyber insurance market has begun to stabilise, I expect cyber insurance premium management to be top of mind for organisations in 2023, while scrutiny of organisations’ cyber-preparedness will remain high during the renewal process. Cyber insurance premiums are more manageable for companies that prioritise cybersecurity, as cyber insurers are looking for key elements in the policy renewal process like effective data security and risk management programmes. By following best practices that include updating incident response plans, establishing data governance controls, and maintaining regular system updates, organisations can keep cyber insurance premiums manageable while bolstering cybersecurity defences. 

Cryptocurrency is no longer the only ransomware payment of choice 

Recently, cyberattackers have resorted to cryptocurrency as their ransomware payment of choice. I expect these perpetrators to revert to more traditional ways of extorting money in 2023, given the current volatility of the crypto market and high-profile investigations into cryptocurrency theft that have revealed the transaction-tracking capabilities of blockchain technology. However, it’s important for organisations to remember that at the end of the day, negotiation with a cybercriminal isn’t a traditional business transaction at all. During the back-and-forth negotiation process, attackers will likely mine a company’s environment for additional vulnerabilities that they can exploit later on for additional payments. 

SMBs will reprioritise cybersecurity 

I expect small and medium-sized businesses (SMBs) to focus much more strongly on cybersecurity in the new year. With the potential tightening of budgets, they will also have to leverage their IT Security investments more effectively. SMBs have begun to realise that cybersecurity preparedness is a must-have rather than a nice-to-have, which has resulted in them putting formal incident response plans in place. As such, incident response plans will become mission-critical for a much broader range of organisations in 2023. Without such a plan in place, companies are extremely vulnerable to cyberattacks like hacking and ransomware, and recovery takes much longer. Even more importantly, potential customers could associate a lesser-known company name with a recent attack, causing further damage to the business’s brand reputation. More incident response plans will be optimised in 2023, as companies keep them up to date and regularly refine their capabilities via tabletop exercises. 

Learn More 

To learn how organisations can put 2023’s cybersecurity trends into action, check out Egnyte’s recent webinar on the topic, which includes the perspectives of an Egnyte customer.  

Neil Jones is Director of Cybersecurity Evangelism at Egnyte