2023 – The year of things cyber
Just about recovering from the ravages of Covid-19, only to see it resurface, 2023 seems to be the year of things cyber, going by some of the major predictions that are doing the rounds. This is despite climate change continuing to be a hot topic the world over.
Going by trends in recent years, including the upsurge in global cyberattacks, the advent of 5G, the proliferation of IoT devices and cloud operations, many of these predictions may not come as a big surprise. Let’s take a quick look at the major trends expected in 2023 and beyond.
Exponential growth in cybercrime costs foreseen
Currently in the range of USD 6+ trillion, and increasing steadily over the years, it is estimated that cybercrime costs – the cost of damage and destruction caused to data due to fraudulent purposes, and its subsequent recovery and restoration – will grow by a staggering 15% every year over the next 5 years to reach USD 10.5 trillion by 2025. Cybersecurity Ventures (1) calls it ‘the greatest transfer of economic wealth in history’ and behind only the US and China’s economies in terms of value.
Ransomware damage costs set to increase
The advent of ransomware as a major threat and the fastest growing type of cybercrime in the cybersecurity landscape can be seen in the statistics for 2021, widely regarded by many as the benchmark year for cybersecurity attacks and ransomware demands. In 2021, the top three sectors (6) in the US that were hit by ransomware were the Industrial Goods and Services sector, the Education sector, and the Health sector, with the total cost of a breach attributable to ransomware being an average of $4.62 million, excluding including ransom paid (IBM). According to Forbes, the average ransomware claim by cybercriminals was USD 1.2 million in 2021.
Cybersecurity Ventures puts the global ransomware damage costs at USD 20 billion in 2021 (7), with the costs likely to exceed USD 265 billion by 2031. Attacks are predicted to occur across all devices and establishments, with the mobile workplace contributing in no mean measure to the growing menace.
Crypto crime growth
Cybercriminals are increasingly resorting to cryptocurrency demands and scams and coming up with ingenious ways for organizations and individuals to part with cryptocurrency. The use of decentralized finance too has laid a kind of foundation for crypto crimes. The direct exchange hack of more than USD 30 million from crypto.com in Bitcoin and Ethereum from some 483 accounts is a case in point. The crime sent shockwaves through the cryptocurrency network, with the Singapore-based company even reviewing its two-factor authentication (2FA) system.
Cybersecurity Ventures predicts that crypto crime will reach USD 30 billion by 2025.
Cybersecurity spending to experience an upsurge
Needless to say, with such humungous damages at stake, it stands to reason that the growth in cybercrime costs coupled with the proliferation of devices and data would be accompanied by a corresponding increase in cyber spending to avert threats to data. Organizations are also predicted to spend more on quantum decryption facilities (12) (6) to account for data that has been encrypted as a consequence of ransomware encryption.
With more IoT devices connected to the internet – in 2021, IoT technology (2) was at work in over 35 billion devices, with experts predicting this number will grow to 75 billion by 2025 – and a whopping 90% of the world’s population above age 6 expected to be online by the end of the current decade, the cybersecurity market is tipped to grow by a CAGR of 8.9% over a 5 year period up to 2027. From around USD 173.5 billion in 2020 (3) (4), it is estimated the global cybersecurity market will reach USD 266 billion by 2027. This makes it one of the fastest growing sectors.
Data overload situations in the offing
The increase in devices, operations, and use of the internet has resulted in an explosion of data residing on the cloud and on-premises devices. Data continues to be generated prolifically, with every interaction adding to the situation. Cybersecurity Ventures projects that global data storage will exceed 200 zettabytes by 2025. This includes active and dark data stored on private and public IT infrastructures, utility infrastructures, private and public cloud data centers, personal computing devices — PCs, laptops, tablets, and smartphones — and IoT (Internet-of-Things) devices. Cloud operations including public and privately-owned clouds are expected to account for 50% of this viz 100 zettabytes.
HelixStrategy (5) puts the global data analysis, storage & management market as growing by US$ 19.6 billion during 2022-2028, with a CAGR of 11.7% during the period.
Greater requirement for new software codes
The increased use of applications, cloud-based apps including gaming, has seen a steep rise in the number of software developers as well. From some 23.9 million developers in 2019 (8), it is expected that the number will grow to 28.7 million by 2024, with a majority being in China.
With applications of all kinds – operating and testing – come code – including the insecure variety that needs addressing. Major amongst the operating kind are Google and Microsoft’s Windows operating system with the latter taking approximately 50 million lines of code itself. From some 111 billion lines of code in 2017, it is estimated that the number of new lines of code needed will reach 338 billion lines.
Enhanced Supply Chain Security
2023 is likely to witness a greater emphasis being given to applications and software composition analysis especially where the code is from an unknown or untrusted source. The case of TikTok, the Chinese cloud software which caused risks and vulnerabilities is cited as one of the forerunners for this point of concern. Supply chain issues have the potential to cause immense damage in the event of insecure code.
Increased automation in security operations
Continuing the progress in automation and integration, 2023 will almost certainly witness automation covering the open areas of security operations that are still dependent on manual processes. These areas include threat exposure management and detection engineering. Machine Learning (ML) and Artificial Intelligence (AI) will be key to this process. The result of course will be that the cyber professionals are freed to attend to the more demanding areas that need their strategy, creativity, and ingenuity.
Expect competing privacy regulations
Security Magazine (12) predicts that 2023 will be witness competing privacy regulations being passed at the state and local level, making it hard for organizations to navigate the cyber law landscape. Greater roles are foreseen for CISOs as a consequence of these regulations. The GDPR is the most prevalent of the data privacy regulations currently in force by the EU, though the US has its Clarifying Lawful Overseas Use of Data Act (CLOUD) version that impacts internet users and international data flows. The article by Security Magazine predicts that “Information privacy will continue to grow in visibility and execution, but the charge will be led by various regional regulations that don’t always align with each other”.
Recessionary trends to negatively impact cyber training
Despite the cyber industry not experiencing a recession, experts believe that the cutbacks on budget outlays will most likely affect ‘discretionary’ areas (12) like training in the industry. This is generally not seen as a very good sign as keeping experts abreast of developments in the field and new threat landscapes and attack surfaces, while continuously honing their skill sets is deemed very important by industry experts. So too is the emphasis that needs to be given to cyber hygiene and best practices enforcement, which is likely to be compromised in the coming year due to recessionary trends.
Going further, the onset of a recession is most likely to further impact the job situation as a skills shortage continues to be foreseen.
Inroads into metaverse
Though experts in the technology still say we are 5 to 10 years away from achieving maturity in this area, 2023 is likely to see further developments in this virtual reality area (12). Already some firms in the gaming space are providing this service, and the new year is most likely to witness some headway being made in this area in the other walks of life.
More demand for cyber insurance
Cyber insurance is the direct offshoot of cybercrime, and more and more organizations are investing in insurance to safeguard and mitigate against losses caused by this menace. The demand for cyber insurance is expected to experience an upsurge in the coming years, with businesses continuing to account for up to 75% of the insurance taken.
Cybersecurity Ventures predicts the cyber insurance market will grow from approximately $8.5 billion in 2021 to $14.8 billion in 2025, and exceed $34 billion by 2031, at a CAGR of 11%.
Data privacy liability, cyber extortion, network business interruptions, and recovery and restoration of data assets were the five most common cyber insurance claims. Statistics show that most cyber insurance claims from businesses relate to breaches – almost 73% of all cyber insurance claims (9)
More online presence
Statista (10) puts the figure of users online at approximately 5 billion or 63% of the world’s population of 7.9 billion. The figure is expected to grow considering that an estimated 1 million more people join the internet daily. With social media continuing to gain momentum and being by far the most widely used – an estimated 4.7 billion of netizens are social media users – the number of persons online above age 6 are expected to reach 90% of the earth’s 8.5 billion population in 2030 (UN).
Cybersecurity job market to expand
An indication of how exponentially fast the cyber business has grown is evident from the unemployment rate for cybersecurity professionals. A classic case of demand exceeding supply, the industry has witnessed an astonishing 0% unemployment rate since the year 2011. While this may sound good, it brings with it HR challenges (11) of identifying specialists with the right skillsets to take up openings, compelling unqualified hires and retaining specialists due to the surfeit of jobs available.
HR issues notwithstanding, the prediction is that 2023 will witness almost 3.5 million unfilled positions in the cybersecurity job market. Experts are agreed on the fact that cybercrime will be the biggest contributor to this situation.
More women in cybersecurity
Though there does exist a gender imbalance in the cyber industry – an estimated 25% of cybersecurity positions are taken up by women and only 17 percent of Chief Information Security Officer (CISO) roles at Fortune 500 companies are of the fairer sex – indications are the number of women in the field are likely to go up in the coming years, with crossovers from other industries also contributing to the increase. By 2031, this figure is estimated to be in the 35% range, with an increasing number of women occupying CISO positions. HR experts are of the opinion that women certainly have the right qualifications, mindset, creativity and soft skills to occupy these positions, overcoming such problems as gender bias and discrimination.
With the exponential increase, relentless developments and all-pervading presence in our lives, 2023 promises to be another defining year for the cyber world. From cyber organizations to cyber experts to cyber criminals, we can be sure everyone will be watching it with interest and bated breath.
- Internet of Things (IoT) – Technology Without Borders | Aurora (aurorait.com)
- Global Cyber Security Market Size, Share, Trends and Industry Analysis 2022 – 2030 (marketsandmarkets.com)
- 2020 Roundup Of Cybersecurity Forecasts And Market Estimates (forbes.com)
- Global Data Analysis, Storage & Management Market 2022 – StrategyHelix
- Ransomware – Next Level Malware | Aurora (aurorait.com)
- Cybersecurity in 2022 – A Fresh Look at Some Very Alarming Stats (forbes.com)
- Global developer population 2024 | Statista
- Cyber Insurance Statistics and Data for 2022 (security.org)
- Internet and social media users in the world 2022 | Statista
- What 0% Unemployment Means for the Cybersecurity Job Market – CyberSN
- 18 cybersecurity predictions for 2023 | Security Magazine