Huntsman Security announced its cyber security predictions for 2023, including the importance of cyber security posture, systematic risk management and the expected changes driven by the insurance industry. In addition, the company outlines why cyber security guidelines are likely to become more global, and why the industry needs to evolve from “eminence-based” decision making to a more scalable evidence-based approach.
Cyber security posture management and risk assessment management rise to greater prominence
Although the rise in the number of ransomware attacks has flattened, organisations still need to be aware of areas of potential attack risk (attack surfaces) and must be able to demonstrate control of them. Organisations should focus on either:
* Cyber Security Posture – Measuring the state of cyber resilience or overall cyber security readiness; or the more targeted
* Attack Surface Management (ASM) – Accurate visibility of the “attack surface” – the IT infrastructure assets and the relative risk resulting from vulnerabilities and misconfigurations.
As organisations seek greater efficiency, and adversaries continue to attack emerging weaknesses, 2023 will see the rapid adoption of these solutions to quickly and more accurately prioritise and report any changes in cyber posture.
Cyber insurance driving security control improvements
Security controls will be key to insurers better supporting their customers and more accurately pricing cyber risk. 2023 will see insurers demanding increased controls and quantitative measurement alongside a rise in regulatory requirements for cyber risk oversight.
Convergence of cyber corporate governance rules
Corporate governance rules are converging, with governments and organisations all facing similar, if not the same, threats. Organisations everywhere will need to comply with these increasingly common cyber controls to meet multi-national regulations. In 2023, cyber governance will become more formalised, and the cyber security decisions companies make will be the subject of increasing accountability and scrutiny.
Shifting from eminence to evidence-based decision making
Cyber security decisions are often based on the eminence, reputation and experience of experts. With growing cyber resourcing issues, however, real-time evidence, new risk frameworks and measurement methodologies are becoming a more critical element of effective cyber governance.
2023 will see a move to evidence-based decision making – aided by the availability of technologies to enable the measurement and systematic management of risk data.