Cybersecurity threats are a staggering challenge for companies, governments, public services, and individuals around the world. In 2021, there was a major increase in cybercrime across the board, with a reported 125% increase in data breaches compared to 2020.
There has been particular growth in high-profile nation-state-level ransomware attacks such as the colonial pipeline cyber-attack. But there has also been a rise in cyber-scams targeting individuals, with consumers losing $56 billion USD to identity-fraud-related scams such as online impersonation, robocalls and phishing attacks.
In addition, the cybersecurity industry is currently suffering a skills shortage. Companies are lacking the critical human talent required to manage cybersecurity strategies and technologies, making life easier for cyber-criminals and putting strain on often overworked and overstretched cybersecurity professionals.
Against this backdrop, you’d be forgiven for being pessimistic about the future of cybersecurity; and many people are. A recent survey found that 91% of Americans are concerned about cyberattacks affecting financial institutions and compromising their own data.
However, there are some reasons to be very optimistic about the future of cybersecurity, which can often be lost amidst the noise of negative statistics, doom and gloom news headlines, and pessimistic marketing. In this article, we’ll take a look at a few of these reasons to be hopeful, which showcase why the future of cybersecurity may not be as bleak as it seems.
1. Massive Investment And Innovation From Cybersecurity Vendors
It’s often suggested that cybercriminals stay one step ahead of cybersecurity providers in a zero-sum game of cat and mouse. There was a record growth in investment in the cybersecurity industry in 2021 and, while this doesn’t mean that every cybersecurity solution out there is now perfect, there continues to be massive innovation from cybersecurity providers to help companies and software providers improve the security of their solutions and products.
In 2021, Expert Insights interviewed dozens of experts from across the cybersecurity industry, each with a unique story of innovation to help secure companies against cybercrime. This includes new technologies, such as Darktrace developing sophisticated artificial intelligence systems to secure business networks, and new methods of approaching cybersecurity altogether, such as Hook Security’s user training platform, which is founded on the concept of psychological security.
With the global cybersecurity market predicted to reach USD 539.78 billion by 2030, competition and innovation is likely to only increase, putting companies in a better position to protect their current systems and emerging IoT technologies.
2. Organizations Are Taking Cybersecurity More Seriously Than Ever
Organizations are spending more money on bolstering their cybersecurity protection, with a recent survey finding that the majority of organizations plan to spend much more on improving cybersecurity in 2022. In fact, 81% of companies are committed to increasing cybersecurity budgets this year, and 24% are planning to increase cybersecurity spend by 31-50%.
Spending is not just limited to large enterprises; despite the myth of small businesses not taking cybersecurity seriously, SME cybersecurity spending is set to reach $90 billion USD by 2025, according to a survey of 6,000 small business leaders from the US, UK, Belgium, France, Germany, the Netherlands, Spain, and Ireland.
If spending is any indication, companies are taking cybersecurity threats more seriously than ever before. In part, this has been driven by the continuing move to remote or hybrid working catalyzed by the Covid-19 pandemic. But it has also been accelerated by increased compliance needs from new data protection regulations and cybersecurity insurance firms, as well as pressure from employees, with studies showing they believe companies should be doing more to protect against cybercrime.
Of course, money is only part of the solution, and analyst firm Gartner foresees more positive changes to how companies approach their cybersecurity strategy. They predict that by 2024, 90% of organizations will adopt a ‘Mesh’ cybersecurity infrastructure, which will reduce the financial impact of cyberattacks by up to 90%. They also predict that by 2025, 40% of enterprises will have a cybersecurity committee overseen by a dedicated board member.
In addition, organizations and investors are more commonly looking at cybersecurity risk as a key factor in conducting third-party business, with Gartner predicting 60% of businesses will use cybersecurity risk as a primary determining factor. This puts more pressure on organizations to improve their cybersecurity infrastructure, as a key pillar of business success.
3. People Are More Aware Of The Cybersecurity Problem, And Are Taking Better Steps To Protect Themselves
As we mentioned, 91% of Americans are concerned about cyberattacks affecting their data, with two-thirds reporting that they were concerned about online data breaches. While it’s not necessarily good that people feel concerned about cybercrime, it is a positive development that people are more aware of the risks of cybersecurity attacks and data breaches, which will increase vigilance against scams and fraud.
But more than just being aware of the risks of cybercrime, research suggests that individuals are taking positive steps to protect themselves and their data against these. More people are prioritizing privacy online, with 68% of adults using a VPN when browsing the internet and two thirds of people claiming they choose not to use certain applications and services based solely on their privacy policies.
There has also been widespread adoption of two factor authentication, which can prevent up to 99.9% of attacks on user accounts. A report by Duo Security found that 78% of people used 2FA in 2021, compared to just 28% in 2017.
When it comes to passwords, 85% of people today know that using the same password across multiple accounts is a security risk. And although 25% of people continue to reuse passwords, it’s a positive development that the vast majority of people are moving away from these risky practices, especially considering the average person has 70-80 passwords to keep on top of.
In addition, 22.5% of people have invested in a password manager, and 2 out of 5 people write down passwords to keep them safe, which—while not ideal, especially in an office—is a much better security practice than using the same password for everything.
4. Governments Are Taking Cybersecurity Much More Seriously
It’s not just companies and individuals taking cybersecurity more seriously; governments are, too. Driven by high-profile nation–state-level attacks such as the SolarWinds breach in 2020, cybersecurity spending is growing at rapid rates, with the US government approving a total budget of $2.6 billion USD for cybersecurity last year—the second largest budget among the CFO act government agencies. Local and state governments in the US are also increasing cybersecurity spending, to help combat a rise in ransomware attacks such as the high-profile local government breaches in Texas.
Cybercrime has been a major challenge for US President Joe Biden’s administration. On May 12th, Biden issued an executive order designed to improve the national state of cybersecurity in the US, including modernizing cybersecurity defenses for critical infrastructure, improving department communications, and implementing a Zero Trust approach to protecting important data and services. Crucially, the EO called for organizations to improve supply chain security, which hopefully will lead to organizations reviewing vendor risk assessments, providing greater protections for all organizations.
Outside of the US, cybersecurity spending is increasing in government budgets around the world: the UK government has announced an extra £750 million GBP of spending on cybersecurity, for a total budget of £2.6bn, alongside new laws passed to protect IoT and smart devices. Israel is another leader in global cybersecurity spending with a $1.5 billion capital influx in 2021.
In addition to spending, government data protection legislation continues to be passed, increasing the responsibility of companies to secure and regulate the use of personal data. In the past two years, there have been dozens of new data regulations passed at a state and country level, effectively stopping the “wild west” usage of data and hopefully enabling a more secure digital future.
5) More Effort Is Being Put Into Closing The Cybersecurity Skills Gap
The final reason to be optimistic is that a huge amount of effort from governments and vendors is being spent on closing the skills shortage in cybersecurity and encouraging the next generation of cybersecurity professionals.
Studies show that 87% of parents want some form of cybersecurity education to be taught in schools, demonstrating that cybersecurity is likely to become a more important career path. There is also evidence that security companies are opening up hiring to more diverse, less traditional academic backgrounds for a new approach to solving the skills gap.
Cybersecurity training providers such as CyberVista are also developing innovative approaches to help solve the skills gap in cybersecurity. CEO Simone Petrella told Expert Insights:
“What we see time and time again is that so many pools of talent exist within organizations already that could be incredibly successful in security roles.
“It’s a misnomer that you have to have someone right off the bat with technical skills. We’re missing out on a huge portion of the population who, if given the time and the investment, would be incredibly successful cybersecurity professionals.”
There has been a big increase in non-traditional cybersecurity roles. Ethical hacking, for example, has saved organizations an estimated 27bn in cyber security risks according to crowdsourced cybersecurity firm Bugcrowd, by helping organizations to avoid cyber risks. 43% of Bugcrowd’s ethical hackers say they are using it as a pathway to a cybersecurity career, with 52% aged 18-24.
Evidence suggests that this approach has been working: over a period of eight years, Cybersecurity Ventures found that the number of unfilled jobs in cybersecurity grew from one million in 2013 to 3.5 million in 2021. They predict this number will remain unchanged in 2025, suggesting that, while there is still a shortage of skills, it may be starting to level off at last.
Cybercrime may be an inevitable consequence of the digital world. Just as crime in the real world will never be eradicated 100%, cybersecurity risks will abound for years to come. However, there are reasons to be optimistic about the future of cybercrime, and organizations should continue to take proactive, hopeful steps to invest in cybersecurity protection that helps everyone.
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions.