Dive Brief:
- A broad expectation for economic headwinds and continued market volatility exacerbates risks across the cybersecurity sector, the Bipartisan Policy Center said in a report released Sunday.
- Difficult decisions about personnel and budgets can create or increase cybersecurity risks by reducing spending or deferring costly but important updates to operating environments and corresponding controls, the Washington-based think tank said in the report.
- Lagging corporate governance, vulnerable infrastructure and a lack of investment and preparedness are among the top macro risks most likely to impact organizations this year.
Dive Insight:
Global economic uncertainty hangs over everything like a dark cloud, triggering market volatility and raising risks across the cybersecurity sector too.
“Cybersecurity is not immune to recessions — research indicates that cyberattacks increase during and following economic downturns,” the think tank said in the report.
Key risk factors related to a potential recession include delayed innovation and inadequate budgets for long-term investments.
Organizations have improved corporate governance in cybersecurity, but the headway has been modest at best, according to the Bipartisan Policy Center. Distance between security professionals and the C-suite on information flow and decision-making, and a lack of technical expertise on boards of directors, are compounding this risk and must be addressed.
The think tank also called out vulnerable infrastructure, particularly third- and fourth-party vendors that may lack necessary cybersecurity controls, as a top risk for 2023.
“Vulnerable software, operating systems, or other infrastructure almost always factor into consequential security incidents and data breaches,” the report said.
“Keeping pace with patching and replacing end-of-life software and hardware is a major operational burden for organizations of all sizes. When this need is ignored, the cost, complexity and likelihood of incidents multiply over time,” the think tank warned in its report.
Other top macro risks include overlapping and conflicting regulations, talent scarcity, geopolitical tension and an accelerating cyber arms race.
The report pulled from a working group assembled to identify the top cybersecurity risks confronting all stakeholders. Members include current and former officials in state and federal government and executives from banking, cloud, communications, health, energy and other sectors.