How will GDPR regulations present new challenges for cyber security teams?
GDPR legislation for both the UK and Europe has revolutionised the way businesses communicate, secure and store data, and it holds businesses financially and personally accountable when they fail to handle data correctly. In fact, GDPR fines hit a total of 97.29 million Euros in the first half of 2022, an increase of 92% over H1 2021.
This year, there has been an increasing number of fines centred around Article 32 of GDPR, which states that penalties can be enforced if companies lack technical and security measures, even if this does not lead to a breach. While the focus will undoubtedly still be on reactive fines in response to data leaks, in 2023 penalising those that do not have adequate preventative measures will become increasingly prominent. Ultimately, legislation has moved faster than many organisations can keep up with, particularly alongside the challenge of managing and executing IT security in a hybrid environment. Next year, regulations will only become tighter, and organisations will be held to increasingly high scrutiny.
Where will IT investment be directed in 2023 and how will this impact the execution of security strategies?
Digitisation was critical in the shift to hybrid, and as a result, IT teams have enjoyed relatively high budgets in previous years, while other business functions have been cut. However, organisations are now operating in a different landscape. With rising inflation and the threat of a global recession, many will begin to reassess all their budgets, IT included.
Despite this economic turbulence, security will remain a priority for investment. The threat landscape continues to develop at pace, and with security breaches carrying financial and reputational damage that could make or break some businesses as recession hits, cutting security budgets will not be an option.
Yet reducing IT budgets while increasing security investments presents a problem when it comes to the execution of this strategy. Fundamental to the success of a security plan is whether it can be delivered via an operational IT team. Reducing spend for IT will inadvertently open organisations to attack, as security teams will not have the apparatus needed to implement their plans.
As we enter 2023, it is therefore critical for IT security leaders to consider their holistic IT strategy, instead of viewing IT and security as two separate entities.
How will the global economic crisis impact the security industry?
Europe is still in a recovery state from the pandemic, and other macro-economic pressures such as energy shortages and soaring inflation rates are threatening how businesses can invest and grow. The tech industry has ultimately felt the crunch: with 12,000 tech jobs already lost worldwide, the market is becoming increasingly volatile and unpredictable.
Previously, the buoyancy of the tech sector meant many IT professionals were able to find a job by the end of the week if they were let go, but with this safety net removed, we will see cases of insider threat on the rise in 2023. Indeed, in Q3 2022 insider threat peaked at its highest quarterly level to date, accounting for nearly 35% of all unauthorised access threat incidents. The current tech market conditions leave businesses vulnerable to insider threat; for example, some workers attempt to copy data and utilise it for their next employer. Cyber criminals will exploit this issue as well: by keeping up with current trends in the tech sector, they are able to implement new strategies that target those who are being laid off.
Organisations must ensure data is secured when employees leave the business, and that it has not been transferred onto personal devices. Yet, according to our recent research, only 18% of IT decision makers say they are able to track information across the full lifecycle. In response, businesses should increase visibility across their data journey, so they can identify when employees are printing and sharing information beyond company defences.