Top Cyber Security Trends & Statistics for 2023

The 2022 Global Risk Survey by PricewaterhouseCoopers cites cyber security as one of the five major obstacles to a business’s revenue growth (at par with external change). While not the top concern for businesses globally, it is for those in Australia. The study cites that 32% of business leaders in Australia are worried about cyber security, compared with 20% globally.

Regardless, more entrepreneurs now understand the consequences of doing business without a strong cyber security framework. Cybercrime was responsible for economic losses of roughly USD$7 trillion (AUD$10.39 trillion) worldwide in 2021. If it were a country, cybercrime would be one of the world’s largest economies, dwarfed only by the United States and China.

There’s no reason for cybercrime to slow down because it’s an endless game of cat and mouse. As the industry develops new protective measures, cybercriminals think of ways to defeat them. Business owners should at least become aware of what the industry plans to do moving forward. Here are some cyber security trends 2023 and statistics worth remembering.

A Gartner study last year states that modern privacy laws are expected to encompass 75% of the world’s personal data by the end of 2023. World governments have been taking steps to enhance an individual’s ‘right to be left alone,’ as in their right to have their details removed from the internet when desired. One particular legislation has formed the basis of such a movement.

Adopted in 2016 by the European Union (EU), the General Data Protection Regulation (GDPR) is a crucial tenet of human rights regarding data processing. Companies doing business in the EU and the European Economic Area must offer consumers a clear and concise avenue of consenting to companies using their data.

The GDPR has caused a so-called ‘Brussels effect’ on existing data privacy legislation, inspiring other countries to enact their own laws patterned after it. Even the United Kingdom, which ended its membership in the EU in 2020, kept the GDPR (known as the Data Protection Act 2018).

Meanwhile, Australia still lacks legislation comparable to the GDPR. Its sole data privacy law, the Privacy Act 1988, has undergone nine amendments since becoming law. The potential tenth revision, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, is only designed to stiffen penalties and is still being deliberated in Parliament.

Even with all the equipment and training, a cyber security framework can’t guarantee immunity from hackers. If hackers manage to break through and steal precious data, the next best thing is often to mitigate the resulting economic loss. For this reason, companies pay a premium for cyber insurance, but this industry’s facing a major pickle.

The scale and intensity of attacks, especially at the height of the pandemic, have seen insurance providers shell out unhealthy amounts to affected businesses. As a result, the average premium has doubled from the previous quarter this year. Combined with recessions, a sizeable portion of cyber insurance’s market base in 2021 elected not to renew their contracts.

Experts attribute this to the huge disparity in cybersecurity and cyber insurance market values. In 2020, the cyber security market was estimated at USD$170 billion (AUD$254.6 billion), whereas cyber insurance was only USD$6 billion (AUD$8.99 billion). While the latter’s poised to grow in the next few years, its value will still be ten times less than the former.

Achieving parity won’t happen anytime soon, experts stress. Because of this, insurance providers have since tightened their qualifications, limiting to companies with a solid framework. Before qualifying for cyber insurance, business owners must show that they care about cyber security.

Amid the layoffs of thousands of tech professionals over the year, cyber security skills seem to remain stable. A recent report found that global cyber security jobs have more than tripled from 2013 to 2021, reaching 3.5 million.

In another report, the number of Fortune 500 businesses that appointed board members with cyber security experience increased by 8% in 2021. Experts predict the figure to rise over the decade: 35% of Fortune 500 companies by 2025 and 50% of them by 2031.

The increase in cyber security jobs coincides with a pressing need for skilled individuals. Industry leaders stress that it won’t matter if a business has state-of-the-art cyber security measures if it doesn’t have enough trained people to operate them. People with a poor sense of cyber security urgency, if any, are often the weakest link in any framework.

With the severity of cybercrime on the rise, most businesses are devising measures to protect themselves from external threats and those from within as well. This approach will improve their security, boost customer trust, experience and create a balance between security and convenience.

The best way to protect businesses is by creating user awareness programs. This is to educate on how to identify and neutralise threats. There are still many people who can’t differentiate between a phishing email from a genuine one. This makes user education essential in preventing such assaults.

Many companies use different techniques in teaching their personnel. Teams get training on how to manage and communicate sensitive company data and identify threats. It’s expected that there will be greater emphasis on sensitising personnel about the necessity of cyber security to help secure digital business assets.

More enterprises and organisations are moving their workflows and processes to the cloud using cloud management software solutions. But many cloud services providers don’t provide proper encryption, authentication or secure logging. Some also fail to keep user data separate from that of other tenants sharing cloud space.

As a result, IT security experts see the need to strengthen cloud security. Due to a lack of or weak cloud security settings, fraudsters may circumvent internal restrictions that safeguard critical data in the cloud database. This has resulted to cloud security evolving into predictive yet inventive protection measures to battle cybercriminals.

Predictive security is becoming more useful in detecting attacks before they are launched. It can help track and identify attacks that go past other endpoint protection. As a result, more organisations may lean towards using predictive security cloud in 2022 and beyond. Meanwhile, several industries have turned to multi-factor authentication to strengthen security.

As you expand your online presence, cyber security must be a top priority due to the growing number of cyberattacks – in fact, there has been a 600% increase in 2021.

The Australian Government, led by the Australian Cyber Security Centre (ACSC), strives to prevent these instances from occurring and assist businesses like yours strengthen their cyber security posture.

As the first line of defence, they developed the Essential 8.  By complying with the Essential 8, you will be in the best position to protect your digital assets against an attack.

The Essential 8 can be tailored according to your business’s risk profile and requirements.
They have been designed to complement each other, and to provide coverage across a range of cyber threats and cover 8 areas:

With the proliferation of health-related applications comes a crackdown on how healthcare institutions must handle health data. The health sector is expected to place a greater focus on data sharing. The Federal Trade Commission recently proposed more stringent requirements for mandating data breach reporting from these institutions and those involved in health app development. This proposal is sparking debate over what categories of health data should be covered by the law. (3)

Zero trust is a strategy that involves trusting nothing and no one. The need to verify everything relating to devices and people. This approach to security requires that you have all users, both within and outside your organisation, to authenticate their access. You assume that the network is hostile, allowing the least privileged access.

In 2022, this approach is expected to become critical in preventing identity theft through various channels. These channels include stolen secrets, breached data perimeters and lateral threats. Zero trust restricts access controls as much as possible to networks, processes, applications and environments without compromising performance and user experiences.

The combination of new legislation, increasing demand for professionals, and a precarious cyber insurance market have led to an intensified need for cyber security next year. It should be part of a business’s agenda, preferably taking top priority. Without enough awareness, a business won’t be able to survive the current environment.

Most details, such as the ACSC’s Essential Eight and NIST’s Cybersecurity Framework, will remain unchanged in 2023.

1. “Cybercrime To Cost The World $10.5 Trillion Annually By 2025”, Source: https://www.prnewswire.com/news-releases/cybercrime-to-cost-the-world-10-5-trillion-annually-by-2025–301172786.html
2. “How Is IoT Impacting The Digital World and Remote Workforce?”, Source: https://www.europeanbusinessreview.com/how-is-iot-impacting-the-digital-world-and-remote-workforce/
3. “Health app makers are on notice amid FTC data rule refresh, but some privacy experts say the regulator has gone too far”, Source: https://digiday.com/marketing/health-app-makers-are-on-notice-amid-ftc-data-rule-refresh-but-some-privacy-experts-say-the-regulator-has-gone-too-far/
4. 15 Important cyber security statistics, Source:  https://www.titanfile.com/blog/15-important-cybersecurity-statistics-in-2021/