“The case for digital transformation has never been more urgent or clearer. Digital technology is a deflationary force in an inflationary economy.”
Satya Nadella
Key takeaways
- Cyber threats have increased in speed, variety, and complexity, putting the public and private sectors at risk.
- According to Gartner, 66% of CIOs intend to increase their investments in cybersecurity in 2023.
- Despite an impending U.S. recession, rising interest rates, and stubbornly high inflation, the research firm predicts that security spending will reach $188.3 billion in 2023.
As we enter 2023, let's take a look back at one of the worst years on record for cyber attacks. Cyber attacks were up 81% from pre-pandemic levels, with the economic costs expected to reach $10.5 trillion by 20251. Over the last five years, there has been a surge in breaches, ransomware, legislation, and third-party requirements, forcing executives outside of the cyber industry to recognise the importance of cybersecurity investment. While it is estimated that global end-user spending on information security and risk management will grow 11% to more than $188.3 billion in 2023, following 11.3% growth in 20222, concerns surrounding an impending U.S. recession, rising rates and persistently high inflation might be suggestive of cut-backs on discretionary spending in the IT area.
“You boil it down to the CIO, it is cybersecurity. Absolutely…That is the highest priority,”
Chris Howard, Chief of Research at Gartner
Chris Howard, Chief of Research at Gartner
However, according to Gartner's latest Symposium, Chief Investment Officers view cybersecurity as anything but discretionary. Gartner's mid-October 2022 survey of 2,200 respondents showed that of these respondents, 66%3 said they planned to increase their investment in cybersecurity, once again their top investment priority in 2023. So, what is driving the continued expansion of cybersecurity investment?
Supportive Legislation
We wrote about the Biden Administration's new regulations here in October, outlining what the rules mean and which industries will be most affected. Hacks now must be reported to the Department of Homeland Security under the "Cyber Incident Reporting for Critical Infrastructure Act of 2022," and the European Union has proposed cyber hygiene rules. These new rules have essentially forced companies to increase their visibility in cybersecurity disclosures, which means they must inform the public about cyberattacks they are facing.
High Profile Hacks
In October alone, Uber, Morgan Stanley, and American Airlines all reported cybersecurity incidents. On the public sector front, hospital operator CommonSpirit Health4 revealed an attack that knocked out systems and disrupted patient care, while 12 schools were also targeted elsewhere in November. We've frequently discussed the narrowing of the targeting of the public vs private sectors, with a hack in one easily affecting the other.
No Industry Is Immune
Evidence is mounting that businesses across all shapes, sizes, and sectors are vulnerable to cyberattacks as they become more digitalized and deal with a surge in data (some of it particularly sensitive). According to recent data, the industries with the highest number of breaches include manufacturing, finance, and professional and business services.
Share