You’re probably tired of hearing about 2021 cybersecurity predictions. This is something different. We’re taking a look back to what we predicted would happen in 2020 and grading our predictions. After all, why make predictions in the first place if we’re not going to reflect and assess ourselves afterwardWhen we make predictions, we aim to identify what is different that we think will happen based on converging factors and being specific about the changeWe’re not always right (our spouses can confirm, with evidence).

We use the following scale for grading our 2020 cybersecurity predictions:

A We were right and we have proof
B Almost conclusive; was close to the prediction
C  Have some evidence but not enough that our prediction was conclusive
D Incorrect time frame; too early
F This didn’t happen


What we predicted would happen for 2020 and what we actually saw:


Prediction: M&A activity will radically change to circumvent regulation and weaponize data.
What happened: We weren’t necessarily wrong about the prediction, considering the unforeseen deregulation, though this was primarily stemming from the pandemic (and we did not predict COVID-19)In the US, we saw the government block the acquisition of US company StayNTouchmaker of cloud-based hotel management software, and its assets (such as customer data) over national security concerns. The US Department of Homeland Security also issued a data security business advisory highlighting risks and concerns of foreign data collection and acquisition.



Prediction: A local government will seek disaster relief for ransomware damages.
What happened: In the US, several state governments added cybersecurity incident response extended-support capabilities to budgets, offering government support to private businesses struggling with data breaches and ransomware. In addition, states such as Ohio, Vermont, and Louisiana trained state police and national guard members to help support the response to cybersecurity incidents of private sector firms.



Prediction: Mass data collection will drive 15% growth in anti-surveillance technology.
What happened: We were likely too conservative. Thinking back to “why 15%?” … we had settled on this figure because often companies in this market are small and private. This anti-surveillance technology market includes technology that conceals, distorts, or blocks public and private surveillance tools. Examples include clothing that foils license-plate readers, anonymized search engines, lockers for private deliveries, anonymous credit cards, VPNs, anonymization services, and ad blockers.



Prediction: Twenty percent of enterprise customers will prohibit the use of their data for AI.
What happened: This one was difficult to prove. Anecdotally, we heard of such concerns via client inquiry calls. There are also examples in the news that contributed to growing enterprise concerns about using this data. This included controversy from the revelations that facial recognition software startup Clearview AI was scraping images from social media to train its machine-learning algorithm, as well as reports that Amazon was using the information it collected from the site’s individual third-party sellers.



Prediction: Deepfakes will cost businesses over a quarter of a billion dollars.
What happened: We may have been too soon. This was our moonshot prediction and is also a hard one to confirm. We saw the rise of cheapfakes versus deepfakes, as well as examples of scams using voice-mimicking software to create fake voicemails asking recipients to transfer money as audio deepfakes improved.


The tumultuous times ahead will require preparation and resilience. To use our 2021 predictions to help guide the next 12 months for your organization, check out the research here and watch the webinarTo learn what’s coming for privacy in 2021, our predictions are here. And here’s EVEN MORE research that will help you understand what’s coming next and what to do about it: our governance, risk, and compliance vision for 2021 to 2026; the future of data security and privacy; our first release on secure access services edge and Zero Trust edge; and, of course, since threat actors continue to evolve, which necessitates evolution in detection and response, we cover that in detail in our Now Tech on managed detection and response services providers.