Predictions 2023: Security Pros Face Greater Internal Risks
In 2023, as organizations chart their growth path forward, they must contend with cybersecurity, risk, and privacy challenges from external forces, like evolving attacker tactics and market dynamics, as well as internal forces, like enabling anywhere work and the future of the office. One thing is certain: 2023 will separate the risk management savvy from the rest. Forrester predicts that:
- A C-level executive will be fired for their firm’s use of employee monitoring. With anywhere work, some employers have turned to electronic monitoring to track employee productivity. These efforts can violate data protection laws like GDPR. In 2022, newly enacted laws in New York and Ontario, Canada, mandate actions and policies that employers must implement when deploying employee monitoring. In 2023, expect more lawmaker attention on workplace surveillance, like the accountability bill proposed in California, along with more employee backlash and labor union strikes and organizing in response to monitoring. A heavy-handed approach to employee monitoring and lack of consideration for employee privacy will backfire.
- A Global 500 firm will be exposed for burning out its cybersecurity employees. Security teams are already understaffed. A 2022 study found that 66% of security team members experience significant stress at work, and 64% have had work stress impact their mental health. Staff are expected to be available 24/7 through major incidents, stay on top of every risk, and deliver results in limited timeframes, and they face pushback when asking for budget. In 2022, burnout caused hospitalizations and even deaths of tech employees in Australia and China. Overburdened security teams will not be immune. With tech whistleblowers going out with a bang, in 2023 a security employee will come forward about unsafe working conditions.
- At least three cyber insurance providers will acquire a managed detection and response (MDR) provider. Although cyber insurance carriers introduced more rigorous underwriting processes, increased premiums, and reduced coverage in 2022, blind spots still exist. Forrester expects insurers to move aggressively into cybersecurity by acquiring more MDR providers in 2023, continuing the trend that Acrisure started in 2022. These MDR acquisitions will give insurers: 1) high-value data about attacker activity to refine underwriting guidelines; 2) unparalleled visibility into policyholder environments; and 3) the ability to verify attestations. Such moves will change cyber insurance market dynamics and the requirements for coverage and pricing.
Read our full 2023 cybersecurity, risk, and privacy Predictions report to get more detail about each of these predictions, plus two more bonus predictions. Set up a Forrester guidance session to discuss these predictions or plan out your 2023 security and risk strategy.
If you aren’t yet a client, you can download our complimentary Predictions guide, which covers our top predictions for 2023. Get additional complimentary resources, including webinars, on the Predictions 2023 hub.