What you need to know about cybersecurity in 2022

Digitalization has increased during the COVID-19 pandemic. The global use of services such as video conferencing has grown tenfold. As the use of digital tools increases, so does the amount of data created. The World Bank estimates that, by 2022, annual total internet traffic will increase by about 50% from 2020 levels, reaching 4.8 zettabytes. If you were to store 4.8 zettabytes on DVDs, your stack of DVDs would be long enough to circle the Earth six times.

The pandemic has also shown us just how interconnected all businesses are and how increased digitalization has thrust the global population onto a new trajectory of cyber threats and attacks. In 2021, we saw critical infrastructure breaches and how one company’s cybersecurity can have a cascading effect on many others, from direct customers to end consumers, up and down the US’ Eastern Seaboard.

Considering these ongoing cyber challenges, the World Economic Forum’s Centre for Cybersecurity has published the Global Cybersecurity Outlook 2022 laying out foresight and critical findings collected from more than 120 global cyber leaders. What are their main perceptions, concerns and predictions?

The Global Cybersecurity Outlook 2022 sheds light on valuable insights about the state of cyber and perceptions about the current path of cyber resilience. Our research suggests three main perception gaps between security-focused executives (e.g. a chief information security officer) and business executives (e.g. a chief executive officer). These gaps are most visible in the following three areas:

1. Prioritizing cyber in business decisions: while 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies, only 55% of security-focused executives surveyed agree with the statement.

2. Gaining leadership support for cybersecurity: 84% of respondents say cyber resilience is considered a business priority in their organization with support and direction from leadership, but a smaller number (68%) see cyber resilience as a major part of their overall risk management. Owing to this misalignment, many security leaders still express that they are not consulted in business decisions, which can hamper identification and mitigation of security risks and result in less secure decisions. Cybersecurity is still an afterthought in too many organizations.

3. Recruiting and retaining cybersecurity talent: our survey found that 59% of all respondents would find it challenging to respond to a cybersecurity incident owing to the shortage of skills within their team. While a majority of respondents ranked talent recruitment and retention as most challenging, business executives appear less acutely aware of the gaps than their security-focused counterparts, who perceive their ability to respond to an attack with adequate personnel as one of their main vulnerabilities.

Our research also interrogates the ever-growing threat from ransomware. The survey confirms that ransomware attacks are at the forefront of cyber leaders’ minds. More than 50% of respondents indicated that ransomware was one of their biggest concerns when it comes to cyberthreats. In addition, 80% stressed that ransomware is a dangerous and growing threat to public safety. Ransomware attacks are increasing in frequency and sophistication and were followed by social engineering attacks as the second-highest concern for cyber leaders.

Number three on this list is malicious insider activity. A malicious insider is one of an organization’s current or former employees, contractors or trusted business partners who misuse their authorized access to critical assets in a manner that negatively affects the organization.

Although there are many factors that influence cybersecurity policies, most respondents (81%) said digital transformation is the main driver in improving cyber resilience. A high percentage (87%) of executives are planning to progress cyber resilience by strengthening resilience policies, processes and standards for how to engage and manage third parties.

Our research suggests that the cyber resilience of small and medium businesses (SMBs) is seen as a critical threat to supply chains, partner networks and systems. In our research, 88% of respondents indicated that they are concerned about the cyber resilience of SMBs in their ecosystem. In addition, almost half (48%) of respondents believe that automation and machine learning will introduce the biggest transformation in cybersecurity in the next two years. Indeed, these technology developments will almost certainly increase the already existing imbalance between attackers and defenders.

While cyberattacks will not stop any time soon, nor has any magic bullet been found to resolve all the issues in cybersecurity, there are clear and concrete steps that leaders can take to best prepare themselves and their organizations for an attack. Cybersecurity is not a separate technology, but rather a priority of the systems spanning technology, people and processes in the Fourth Industrial Revolution. The ongoing shift from cybersecurity to cyber resilience is an important step towards a more trustworthy and sustainable future.

Significant digitalization has provided a pathway for engagement and connectivity at a time when the world was supposed to stay apart. Its benefits are clear, but so are the threats. To assure we maintain a trusted, secure and protected digital environment, it is imperative that leadership teams better incorporate cybersecurity and break down siloes both within and between organizations to improve cyber resilience.