Huntsman Security recently announced its cyber security predictions for the year 2023, including the importance of cyber security posture, systematic risk management and the expected changes driven by the insurance industry. In addition, the company outlines why cyber security guidelines are most likely to become global, and why the industry needs to evolve from “eminence-based” decision making to a more scalable evidence-based approach.
What can organisations do to limit potential attack risk?
Although the rise in the number of ransomware attacks has flattened, organisations still need to be aware of the areas of potential attack risk (attack surfaces) and they must be able to demonstrate control of them. Therefore, organisations should focus on the following:
- Cyber Security Posture – Measuring the state of cyber resilience or overall cyber security readiness; or
- The more targeted Attack Surface Management (ASM) – Accurate visibility of the “attack surface” – the IT infrastructure assets and the relative risk resulting from vulnerabilities and misconfigurations.
As organisations continue to seek greater efficiency, and adversaries continue to attack emerging weaknesses, 2023 will see the rapid adoption of these stated solutions to quickly and more accurately prioritise and report any sudden changes in their cyber posture.
Security controls will be key to all insurers better supporting their customers and more accurately pricing cyber risk. 2023 will see insurers demanding increased controls and quantitative measurement alongside a rise in regulatory requirements for cyber risk oversight.
Corporate governance rules are now converging, with governments and organisations all facing similar if not the same threats. Organisations everywhere will need to comply with these increasingly common cyber controls to meet all multi-national regulations. In 2023, cyber governance will become more formalised, and the cyber security decisions companies make will be the subject of increasing accountability and scrutiny by the government.
Cyber security decisions are based on the eminence, reputation and experience of industry experts. With growing cyber resourcing issues, however, real-time evidence, new risk frameworks and measurement methodologies are becoming a more critical element of effective cyber governance. 2023 will see a move to evidence-based decision making – aided by the availability of technologies to enable measurement and systematic management of risk data.