Cyber Risk Management in 2021: Key predictions and trends

Following our recent blog, "Our cyber risk predictions of 2020: What effect did Covid-19 have?", we now look ahead to this year, one that we hope will be less turbulent and more productive for all.

For security leaders, the pandemic accelerated technology adoption with a corresponding dependence on IT to safeguard organizations. Unsurprisingly, this exposed vulnerabilities. One survey found that 60% of organizations reported cyberattacks during the pandemic, with 51% saying the attackers managed to get past their defenses.

For 2021, cybersecurity will not only be a concern, but also a priority. Executives will want their teams to stay agile and resilient as the pandemic and its disruptions continue to cause uncertainty. To keep you two steps ahead of new and evolving threats, Acuity has prepared predictions for the next 12 months…

Gartner predicts that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024, as the financial impact of breaches grows.

Remote working continues – and its cybersecurity risks 

Remote working may have looked like a stopgap measure in the early days of the pandemic, but a hybrid home/office arrangement looks likely to be the norm going forward. With the standard security precautions of office-based digital work no longer in play, IT departments have had to scramble to provide cybersecurity protections for workforces scattered across hundreds or thousands of home-working environments. This will continue to have security impacts in the coming year. According to a survey by the Ponemon Institute, 95% of organizations experienced at least one business-impacting cyberattack in the past 12 months (Tenable, 2020).

Organizations will want to ensure that remote workers are not exposing the business to new and unacceptable risks. If they haven’t done so already, organizations will need to secure endpoints, consider VPNs, provide employees with secure, standard-build devices to avoid BYOD weaknesses, and educate everyone on cybersecurity best practices. Organizations should also not forget the potential health, safety and wellbeing risks of homeworking, and should help their employees to assess and manage these.

Digital transformation keeps surging – requiring agile risk management responses

Last year, companies were under immense pressure to modernize their operations, maintain competitiveness and ensure continuity. Indeed, 97% of the executives who responded to a Twilio survey said that the pandemic accelerated their digital transformation. The risks to organizations’ operations continually evolve. In today’s digital era, risks go beyond the familiar ones of fraud, human error and technical failure to include risks related to artificial intelligence, robotic process automation and weaponized misinformation. An agile approach to risk management is needed to keep pace with the rapid changes resulting from digital transformation.

Yet organizations face budget cuts, including for cybersecurity

Prior to 2020, cybersecurity budgets were increasing. Plummeting revenues forced many organizations to cut their budgets, including those for cybersecurity. The risks remain, however, so attention must turn to optimizing spending and providing demonstrable results. Businesses will need to understand cyber and other operational risks to maintain resilience. Currently, fewer than half of security leaders frame cybersecurity threats within the context of business risk (Tenable, 2020), but we expect this to increase in 2021. This will also influence how risks are communicated to the senior leadership team as it recognizes the materiality of cyber risk to the business.

Growing reliance on SaaS for risk management and security

The more technology that organizations operate themselves, the greater the complexity, the slower the adoption and the higher the costs. In response, SaaS tools have emerged for risk management and cybersecurity, helping organizations to eliminate silos by providing broad access across the enterprise, avoiding capital expenditures and promoting collaboration, particularly while working remotely.

And there are clear cybersecurity management payoffs: Tenable found that business-aligned security leaders are eight times more likely to be highly confident in their ability to report on their organizations’ level of security or risk than their more siloed peers.

With the pandemic generating even more interest in integrated risk management (IRM) technology and services, Gartner predicts the market will grow to $9.3 billion by 2023.

Striving towards a balanced approach

We truly hope that 2021 will be a healthier, safer, and more prosperous year for everyone, but we must remain vigilant and watch out for new risks.

There is no doubt that the coming year will continue to challenge the resilience and agility of businesses around the world. As organizations digitize, cybersecurity and risk management will play critical roles in both strategy enablement and ensuring survival. But we must remember that the two are not mutually exclusive. They go hand in hand, and emphasizing one over the other will leave you out of balance and vulnerable.

At Acuity, we recognize how critical a balancing act this is. As always, we will be ready to provide assistance in managing your risks effectively and efficiently in 2021, and in the years to come.