header image

5 Cyber Predictions for 2022 and Beyond

Ted Cowell, Kyle Schwaeble 15 December 2021
15 December 2021    Ted Cowell, Kyle Schwaeble

Investing in Cyber Resilience: Spend, Strategy, and the Search for Value

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

This article was originally published in full in Consultancy.UK


The cyber security landscape is rapidly evolving – over the past 18 months the industry has experienced a rise in ransomware attacks, increased cyber insurance premiums, and regulatory changes. As we move into the new year, here are S-RM’s predictions for what business leaders can expect in 2022 and beyond.


1. Supply chain attacks the number one threat

In the last 12 months, major breaches at two large US software providers have epitomised how supply chain attacks enable threat actors to penetrate even sophisticated organisations’ systems, and to strike a broad swathe of victims at once. The successful compromise of US network monitoring firm SolarWinds Inc, which became public in late 2020, enabled threat actors to breach a host of US government agencies and at least one high-profile cyber security company. Some months later, the July 2021 attack on US software provider Kaseya Limited further exemplified this ‘multiplier effect’. Kaseya reported that the attack had affected only a few dozen of its direct clients, but that small percentage included some 35 third-party ‘managed service providers’ (MSPs), among whose own clientele up to 1,500 small and medium enterprises across the globe were infected with ransomware.

 
S-RM ANALYSIS
As the ‘advantages’ of supply chain attacks become apparent to more threat actors, and as organisations become increasingly dependent on an ecosystem of different interlocking service providers, we expect to see an increase in these attacks. Companies wishing to mitigate their exposure to third party risk will need to apply scrutiny to vendors, ideally including robust cyber due diligence at the start of relationships and regular monitoring of all third parties. Nevertheless, the organisations that are best-prepared for a supply chain attack will be those that operate on the basis that, regrettably, the risk of breaches through third party vulnerabilities can never be satisfactorily mitigated, and who have robust incident response plans in place to respond when they do occur.

2. increasing focus on cyber security budgets

Cyber budgets seem to have stagnated at a time when the cost of cybercrime and the frequency of attacks is increasing at an alarming rate. Our recent research revealed that 50% of organisations either ‘hit pause’ or decreased their spend on cyber security during the pandemic. Following this lack of growth in cyber budgets, IT leaders are now planning to increase their cyber budgets by an average of 8.4% over the next twelve months. However, with inflation running high, it remains to be seen whether this modest increase in budgets will be enough to make up for ground lost during the pandemic.

 

S-RM ANALYSIS
With cyber-attacks becoming more frequent and sophisticated, the onus is now on business leaders to commit to strategic investment in cyber security. This is the only way they can reliably reduce cyber risk and minimise the financial and reputational damage caused by incidents.

3. More scrutiny on ransom Payments

One result of the higher volume of ransomware attacks and their increased impact over the past 18 months is that the US government, and supporting law enforcement agencies, have become more active in combatting ransomware groups.

 

"One result of the higher volume of ransomware attacks over the past 18 months is that the US government, and supporting law enforcement agencies, have become more active in combatting ransomware groups."

 

An effective and increasingly used method in the fight against ransomware is sanctions. Several ransomware groups and their associated cryptocurrency wallets are listed as sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC) and we expect more to be added to this list over the coming year. In addition, for the first time, OFAC has also sanctioned a cryptocurrency exchange for facilitating ransomware payments.

 

S-RM ANALYSIS
The measures witnessed in the US, and others like them, serve as a significant deterrent to victims contemplating paying a ransom: victims must now ensure they have undertaken comprehensive due diligence on threat actors making demands before making ransom payments to ensure they are not falling foul of the rules.

4. Increased focus on remote work security

Our research suggests that we are unlikely to see a return to ‘full office’ working in the short term; indeed, companies told us they are expecting 51% of their workforce to work from home for the next 12 months.

 

"Over the next year, we will likely start to see new technologies and security solutions that assist companies in managing remote working security"

 

The Covid-19 pandemic normalised home working and saw professionals investing heavily in home office kit and faster broadband. This has been great news for threat actors, as organisations’ attack surfaces have extended beyond the confines of the office building into a myriad of poorly secured home networks, each supporting dozens of devices bringing their own vulnerabilities to the table. The explosion of “internet of things” devices, where dishwashers, lightbulbs and doorbells may all be connected with minimal security to a high bandwidth home network, further opens the door for exploitation. An environment where colleagues rarely meet in person and carry out the majority of communications via chat platforms also presents opportunities to socially engineer workers into unwittingly divulging passwords or other key details to threat actors.

 

S-RM ANALYSIS
Over the next year, we will likely start to see new technologies and security solutions that assist companies in managing the remote working security dilemma without invading employees’ privacy at home.

5. Cyber Insurance Market continues to harden

Throughout 2019 and 2020, most organisations were able to obtain cyber insurance with relative ease and at relatively low cost, as the insurance market saw intense competition for customers. However, this dynamic has changed with insurers experiencing significant losses associated with the rapid rise in cyber incidents. Insurance firms are no longer as willing to underwrite the risks associated with cyber security as they once were, and we expect premiums to increase and the cyber insurance market to continue to ‘harden’ throughout 2022. According to our research, 50% of IT leaders said their organisation had a cyber security strategy but had not been able to fully implement it. Organisations such as those with an immature cyber security posture may find it increasingly difficult to obtain cyber insurance.

 

S-RM ANALYSIS
Alongside higher insurance premiums, we anticipate that the increasing frequency of cyber-attacks may mean that some insurance firms turn to co-insurance models, where the insured and insurer agree to share costs of claims.


The changes to the market make it clear that cyber threats can no longer be managed by simply ‘transferring’ risk to an insurer. Prevention and cyber preparedness will become ever more important in 2022 and beyond as organisations are forced to take more responsibility for their own security.

 

DOWNLOAD OUR LATEST REPORT 

Investing In Cyber Resilience Report Download Button

To discuss this article or other industry developments, please reach out to one of our experts.

Ted Cowell
Ted cowell Director, Cyber Security Email Ted
Kyle Schwaeble
Kyle schwaeble Senior Analyst, Cyber Security Email Kyle

CYBER INCIDENT RESPONSE: PERSPECTIVES FROM INSIDE THE RISK ECOSYSTEM

In our latest report, we examine a cyber incident from the perspective of several key stakeholders.

Download Report