With digital adoption accelerating faster than ever, cyber threats and risks are not slowing down. To predict cybersecurity threats and trends in 2022, it helps to look at what happened in 2021. As we look at what’s to come in 2022, we’re expecting new and evolving cyber threats to countless sectors.
To continue building on the efforts of 2021, business leaders will need to address how they plan to implement the latest devices without creating vulnerabilities to cyber threats. This growth will be driven by a number of possible threats. These threats will increase as new technologies connect to more networks. 2022 has to be the year of integrating improved cybersecurity practices and building greater resilience to these threats in all aspects of day-to-day business operations. Businesses and organizations of all levels and sizes need to assess how they will respond to advanced cyber threats.
In 2022, cybersecurity spending is expected to remain the same as in 2021. Most budgets for 2022 were increased or similar to the budgets of 2021, but there are cases where the budget in 2022 is less than that of 2021. According to PwC’s Global Digital Trust Insights latest report, 69% of respondents expect cyber spending to increase, with 26% of respondents expecting related spending to increase by 10% or more. According to estimates from Gartner, information security and risk management spending will reach $172 billion in 2022, up from $137 billion in 2020 and $155 billion in 2021.
Despite establishing a budget, cyber spending from business leaders will likely become more cautious. Business leaders and cybersecurity executives agree that they must take the necessary steps that will prove that their investments in cybersecurity provide value and will ultimately enhance the cybersecurity posture of their businesses. Cyber threats and risks increase every day, so leaders must continue to invest in cybersecurity.
To invest in cybersecurity where it is really needed, business leaders and cybersecurity executives must be aware of the best level of protection. Investing in cybersecurity is more than just having the latest technologies. More businesses and organizations are moving toward identifying the vulnerabilities first and then prioritizing investments according to the probability of a cyber attack and the severity of the damage.
More Ferocious Cyber Threats
Business leaders should expect both increased sophistication of cyber threats and attacks and potentially greater ferocity. This could include malicious acts such as double extortion during a ransomware attack. This involves the data being sold online whether the ransom is paid or not. Double extortion will become a common type of cyberattack in 2022.
There is even the anticipation that a double extortion ransomware attack that spreads globally will take place at some point in 2022. Businesses and organizations that acquire large amounts of data or utilize networks that manage critical infrastructures will be at a more significant risk. Business leaders must focus on cyber capabilities that will deter malicious actors, but this may not be as effective.
Ransomware Will Continue to Disrupt Operations
In 2021, we witnessed the type of disruption that ransomware gangs can cause. Ransomware gangs attacked and terrorized businesses and organizations of all sizes. The threat of ransomware isn’t going anywhere in 2022. Predictions have been made that the frequency and intensity of these ransomware attacks will significantly increase in 2022. Ransomware attacks have already proven to be a money-maker for ransomware gangs, so the increase of these attacks in 2022 should be no surprise. Organizations should expect ransomware to not only become more sophisticated, but more personalized.
Phishing Attempts Will Increase in Frequency and Sophistication
Phishing scams did not make their introduction in 2021; they have been around for a long time. However, phishing scams have become more advanced and are occurring more and more. While many businesses and organizations have implemented or improved employee training and awareness programs, this is not going to be enough. Malicious actors are evolving their phishing tactics to make their attempts look more legitimate.
In 2022, expect to see not only an increase in phishing tactics but an even more sophisticated form of these attacks. Cybercriminals are no longer just relying on their usual tactics. Cybercriminals are looking to develop their tactics in a way that leverages attacks that are more personalized and customized based on the data they can acquire from online outlets. As the year goes on, it will become even more difficult to separate phishing attacks from legitimate communications.
There Will Be a Mad Scramble for Cyber Insurance
Even before 2021, cybersecurity insurance was an accepted part of an organization’s risk management strategy. Unfortunately, ransomware attacks, data breaches, security breaches, and other cybersecurity fallouts have caused quite a stir amongst the cyber insurance industry. Many business models have been put in jeopardy due to cyber insurance, or the lack thereof.
Due to the ever-growing cybersecurity landscape, many cyber insurers continue to increase their rates and are dropping coverage of businesses and organizations that are viewed as a high-security risk. Some cyber insurers have made the decision to leave the cyber insurance market due to the massive changes and changing expectations.
In 2022, we expect an overflow of cyber insurance cancellations and a fight to obtain new cyber insurance coverage. Unfortunately for many businesses and organizations, this will likely lead to an increase in their rates. To obtain cyber insurance coverage and acquire the best rates, businesses and organizations will need to show that they are taking cybersecurity seriously. Businesses and organizations must showcase the proper cybersecurity hygiene required from their cyber insurance providers.
Businesses and organizations that fail to have the proper cybersecurity controls in place will not have the protection they need when they need it the most. Failing to maintain the proper security hygiene will provide cyber insurers a reason to refuse to pay out after a cyber incident, or the insurer may terminate coverage altogether.
In 2022, we expect to see a growth of complexities in the cybersecurity landscape. Your business or organization must be prepared to stay ahead of the risks. To tackle the cybersecurity threats we are anticipating in 2022, we encourage you to take what you learned in 2021 and use that to create a strategy that will work in 2022.
At HRCT, we offer cybersecurity solutions that will help protect organizations from cyberattacks. Are you prepared for the cybersecurity challenges that 2022 will bring?
Thanks to our colleagues at GenerationIX in Los Angeles for their friendship and help with our technical articles. Click here to learn more about their IT business in Los Angeles.
