In last year’s Predictions blog, our security team talked about 2021 as “the transition to a new normal.” It hasn’t quite worked out that way — as the Delta variant spread and lockdowns reappeared, employees who had flirted with heading back to the office found themselves joining remote meetings from home just like before. As we look forward to 2022, a theme emerges: securing relationships. Uncertainty has accelerated reliance on each other, and gaps in third-party relationships, collaboration, and trust will have outsized impacts on firms’ relationships with their colleagues, partners, and suppliers.
For cybersecurity, here’s what we expect to see in 2022:
- Sixty percent of security incidents will result from issues with third parties. In 2020, 27.8% of organizations reported 20 or more supply chain disruptions, and executives have uttered the phrase “supply chain” over 3,000 times on S&P 500 earnings calls, compared to 2,100 times all of last year. A quick look at Google Trends reveals that searches for “supply chain” have peaked just in the last couple of weeks. With cyberattacks targeting smaller vendors and suppliers, third-party incidents will increase and SolarWinds-style headlines will plague firms that don’t invest in the risk management trifecta: people, process, and technology.
- Security brain drain sets in as one in 10 experienced security pros exit the industry. Two million women have left the US labor force during the pandemic according to data from the US Labor Department, roughly twice as many as men. That’s a sobering trend for an industry like cybersecurity which is already struggling with diversity, equity, and inclusion as well as burnout. Data in a 2021 study from VMware shows that 51% of cybersecurity professionals experienced extreme stress or burnout over the past twelve months. CISOs must tackle the problems of burnout and team culture while using succession planning to build a pipeline of future security leaders.
- At least one security vendor collapses in an Enron-Theranos-esque scandal. Eighteen cybersecurity vendors reached unicorn status in the first half of 2021, compared to only six the entire previous year. For context, a year before Cisco acquired Duo Security, Duo’s most recent valuation had put it just above unicorn status at $1.17 billion. With the explosion of investment activity in cybersecurity, we expect “accounting irregularities” will bring at least one cybersecurity vendor down in 2022. The fallout creates risks for CISOs. To reduce these risks, when working with early-stage security startups, consider adding a second vendor for redundancy, and take a cautious approach to case studies and other mentions of your brand.
Read the full report for more details and more 2022 cybersecurity predictions.