Cybersecurity isn’t easy. Over the past few months, organisations including Uber, Cisco, Twilio and Rockstar Games have all fallen victim to data breaches as a result of cyber attacks. Recently, some of Deloitte’s leading analysts shared their top strategic cybersecurity predictions for 2023. The predictions cover a range of topics, including the role that cybersecurity, future-forward readiness and organizational resilience will play in helping enterprises better control their exposure to threat actors in the future.
1. Board cybersecurity readiness will become a business imperative
“As the cyber threat landscape continues to evolve and grow more sophisticated, the role the board of directors plays in cyber risk oversight is becoming increasingly important. As organizations prioritize customer trust alongside continued growth, the board can help position cyber as a strategic enabler to foster stronger relationships across customers, vendors, employees, and shareholders.
Recognizing the value a robust cybersecurity posture can directly have on financial impact allows boards to more effectively oversee cybersecurity risk management activities. Recent SEC proposals emphasizing governance, risk management, strategy, and timely notification to investors should encourage leaders to consider evolving and shaping their current and future business models with cyber risk and the board at the center of these initiatives.”
— Deloitte’s US Cyber Crisis Management Leader Mary Galligan
2. Connected device visibility and security will be a major area of focus for most organisations
“IoT-connected devices have been deployed by most organisations over the years, but often without adequate security governance. As the number of connected devices grows, the attack surface for the networks and ecosystems to which they’re connected grows as well, creating exponentially more security, data and privacy risks.
Leading organisations will focus in the year ahead on connected device cyber practices by establishing or updating related policies and procedures, updating inventories of their IoT-connected devices, monitoring and patching devices, honing both device procurement and disposal practices with security in mind, correlating IoT and IT networks, monitoring connected devices more closely to further secure those endpoints, manage vulnerabilities, and respond to incidents.”
— Deloitte’s US Cyber IoT leader, Wendy Frank
3. Security in emerging technologies will be critical in their adoption
“As applications of IoT, Blockchain, 5G, Quantum and other technologies continue to accelerate, cybersecurity risks associated with these technologies continue to become evident.
Adoption of these technologies will be instrumental to manage the organisation’s strategic growth initiatives; however, their sustained success will be based on the organisation’s ability to navigate and implement appropriate technology security measures.”
— Deloitte’s US Transformation & Emerging Technology leader in cyber & strategic risk, Kieran Norton
4. Data-centric security and privacy will become imperative to building brand and customer trust
“Digital engagement between businesses and customers is a new way of life — nearly 72% of an organization’s customer engagements are digital.
This has heightened expectations from customers to have greater control over their data and increased transparency about the organisation’s policies surrounding data handling — often in exchange for an increased willingness to share more data and become more engaged if the company is trusted.
As a result, there’s a growing sense of urgency for organizations to enable dimensions of trust and to embrace data privacy, security, and compliance as mechanisms to bolster traditional methods for strengthening customer experience and brand perception.”
— Deloitte’s US Data & Privacy leader for cyber & strategic risk, Criss Bradbury
5. Focus of future-forward readiness
“As we look back, the past few years have shown us how quickly changes happen — from industry dynamics to the geopolitical climate, disruptive technologies, and enterprise priorities, which emphasizes the need to be future-ready. Change is the only constant; it brings us an opportunity to evolve and innovate cyber risk management practices.
With more technology breakthroughs and frequently changing market trends, there is a huge opportunity for organizations to leverage cyber to introduce more value and competitive differentiation for their customers while preemptively addressing unexplored risks and threats on the horizon.
Whether planning for near-term market innovations or complying with increased regulatory and reporting requirements, organizations need to actively assess and build a unified cyber strategy to position the business to be agile enough to seize future opportunities before they emerge.”
— Deloitte’s US Cyber & Strategic Risk leader, Deborah Golden
6. Organizational resilience will continue to be the focus
“As the digitization of business continues, organizations are becoming more connected within the global marketplace, thus expanding the attack surface and increasing the frequency and impact of disruptions. The multitude of supply chain, geopolitical, environment and cyberattack events organisations are facing are challenging traditional risk programs and are drawing increased regulatory scrutiny.
By leading with an integrated view of scenarios that threaten core business operations, organizations can employ new techniques and technologies which develop situational awareness to emerging threats and improve their ability to respond to disruptions.”
— Deloitte’s US Technical Resilience leader for the Cyber Risk Services Infrastructure practice, Pete Renneker
7. Complex supply chain security risks will continue to emerge
“Today’s hyperconnected global economy has driven organizations to heavily depend on their supply chains — from the components within their physical and digital products to the services they require to run their day-to-day operations.
This critical interdependence makes supply chain security and risk transformation an imperative for today’s globally connected businesses.
Organizations now require a holistic approach, which includes shifting away from point-in-time third-party assessments toward real-time monitoring of third-party risks and vulnerabilities in inbound packaged software and firmware components.
For instance, this includes implementing leading practice techniques around ingesting Software Bill of Materials (SBOMs) and correlating the output to emerging vulnerabilities, identifying risk indicators such as the geographical origin of the underlying components, and providing visibility to transitive dependencies.
Organizations are also focusing on deploying and operating identity and access management (IAM) and Zero Trust capabilities that better enforce authorized third-party access to systems and data and reduce the consequences of a compromised third party.
The threats introduced into the supply chain continue to evolve in complexity, scale, and frequency, so organizations need to continue the momentum with innovating and maturing their supply chain security and risk transformation capabilities.”
— Deloitte US Cyber Risk Secure Supply Chain leader, Sharon Chand
8. Organizational talent consolidation and outsourcing will evolve due to severe cyber talent shortage and growing labor cost
“With the breadth, complexity and frequency of cyber security risks exponentially increasing by the day and the increased pressure from stakeholders (regulatory, boards and employees) to manage cyber security risks – organizations have a huge demand for skilled and experienced cyber talent.
This need, compounded by cyber talent market shortages, particularly of highly trained specialized skillsets, makes attracting and training niche, hard-to-find talent extremely difficult. Organizations are scrambling to fill required positions, impacting their ability to manage cyber risks.
As this talent shortage continues to grow, more organizations will consider alternatives such as outsourcing and management of core cybersecurity functions. To remain agile and optimize operational processes, organizations will need to focus on hiring and retention of niche cyber talent along with outsourcing strategies.”
— Deloitte’s US Cyber & Strategic Risk leader, Deborah Golden
9. Cloud security approaches, products and technology will mature at an accelerated pace
“The proliferation of cloud services and the advent of new development methodologies like DevOps are creating unprecedented possibilities, driving many organizations to migrate to the cloud and modernize existing applications. This evolution presents opportunities for business growth through accelerated development, enhanced scalability and collaboration, new revenue streams, business agility, and greater technical resilience.
As these deployments mature and more data and business functions are hosted in the cloud, there is increasing awareness that benefits can be wiped out by costly regulatory missteps and damaging cyberattacks if security is not woven into the transformation process.
By embracing security and digital transformation together, and leveraging the intersectionality of cloud-based architectures, modernized “secure-by-design” processes to enhance developer experience and adoption of zero-trust principles, organizations can enable agile secure transformation to promote greater confidence.”
— Deloitte’s US Cyber Cloud leader, Vikram Kunchala
10. Evolving threats to operational technology in manufacturing and other environments
“Cyber attackers are increasingly weaponizing operational technology (OT) environments to attack hardware and software that control industrial processes and secure OT networks. Skilled workforce shortages and overlapping IT and OT environments can make cyber incident containment difficult.
Organizations can implement cyber threat identification, detection, and prevention controls to address OT security risks by taking steps inclusive of increasing visibility to devices, implementing OT network segmentation, implementing security tools for the OT environment, correlating security information from OT and IT networks, and establishing security operations centers (SOCs) that address both.”
— Deloitte’s US and Global Cyber OT Leader, Ramsey Hajj