Forrester analysts share 5 shocking cybersecurity predictions for 2023

The cybersecurity, risk and privacy landscape is changing rapidly. Many analysts’ 2023 cybersecurity predictions suggest that organizations should not only optimize existing processes to combat threat actors, but also reevaluate how they approach cybersecurity as a whole.

Recently, Forrester analysts shared some of their top cybersecurity predictions for 2023 with VentureBeat. These highlight that there is a cultural shift taking place in the way organizations deal with risk and privacy issues.

Some of the most shocking predictions from Forrester analysts include: cybersecurity workers becoming whistleblowers in response to burnout; C-level executives coming under fire for using employee monitoring; and more cyber insurance providers making the leap into the MDR market.

Below is an edited transcript of their responses.

More than 50% of chief risk officers (CROs) will report directly to the CEO

“As companies embrace innovation and digital strategies, they are also now facing unprecedented changes due to systematic risk forces, an evolving regulatory landscape, supply chains still in chaos and a shift in customer expectations.

As companies expand their risk management strategies to include new sources of risk and shift their focus to non-financial risk, the role of chief risk officer (CRO) is becoming increasingly important, even in non-financial companies.

But it’s not enough for today’s CROs to protect against the downside of risk (i.e. compliance, insurance). As risk management gains more attention and becomes more prominent internally, CROs are tasked with finding growth opportunities.

In this capacity, risk management is not a ‘cost of doing business’, but an opportunity to ‘get more business’. This is driving a shift in the reporting structure, with more CROs reporting directly to the CEO.”

Forrester senior analyst Alla Valente

A C-level executive will be fired for their company’s use of employee monitoring

“With the emergence of remote and anywhere working options, some employers are turning to technologies for electronically monitoring employees. Companies should prioritize privacy rights and employee experience when implementing monitoring technology, whether tracking employee productivity, enabling a return-to-office strategy or addressing insider risk concerns.

“It is a business initiative that companies need to be very careful about in planning and implementation because there are many opportunities for disaster from a regulatory and workforce perspective.

“Monitoring efforts may violate data protection laws such as [the] GDPR, as well as newly passed laws in New York and Ontario, Canada specifically related to employee monitoring. In 2023, we can expect increased legislative attention to workplace oversight issues, such as California’s proposed accountability bill.

“We are also likely to see more worker protests, as well as union strikes and organizing activities in response to surveillance efforts perceived as intrusive and overreaching by employers.”

Forrester principal analyst Heidi Shey

Expect three cyber-insurers to acquire MDR providers

“Cyberinsurers will aggressively enter the MDR segment, calculating that it is better to provide detection and response services to the customers they underwrite, rather than relying on the customers to do it themselves. This continues the trend that Acrisure started in 2022.

“MDR acquisitions provide insurers with: 1) high-quality data on attacker activity to refine underwriting guidelines; 2) unparalleled insight into the policyholder environment; and 3) the ability to verify certificates.

“Security leaders purchasing MDR from an insurer should consider how the insurer will use telemetry at underwriting — which is unlikely to be to the buyer’s advantage; whether they believe the insurer will invest in providing cybersecurity services such as MDR; and if they think their insurer can help them stop active seizures.”

Forrester VP Chief Analyst Jeff Pollard

“Security professionals and attackers use post-exploit kits such as Cobalt Strike, Metasploit, Mimikatz and many others. Some providers share disclosures or include a due diligence process before sales to ensure customers don’t use the technology for harm.

“As more of these tools emerge, companies and governments will put pressure on suppliers to make sure tools don’t fall into the wrong hands, which will impact how these tools are created and shared.

“In 2023, this will lead to a lawsuit against a provider, which could set a precedent for other software products to be caught in the crossfire, especially as tensions arise over third-party infringements. Limit your exposure by securing what you sell as part of your cybersecurity program.”

Forrester senior analyst Allie Mellen

A Global 500 company will be exposed for burning out its cybersecurity workforce

“Weaknesses in cyber defenses have the potential to impact society at mass levels. The teams at the heart of this defense are understaffed and burnt out. A 2022 study finds that 66% of security team members experience significant stress at work and 64% have experienced work stress that impacts their mental health.

“Similar findings were reported for incident responders, who work more than 12 hours a day in the first week of an incident. Burnout goes far beyond mental health, resulting in health risks and even death.

“In a critical national infrastructure study, 57% of security directors cited burnout as the main reason for leaving [the] profession. In addition, a WHO study shows that those who work 55 hours a week have a 35% higher risk of having a stroke. And by 2022 there will have been burnout-related deaths among tech workers in Australia and China.

“In 2023, a security officer will report unsafe working conditions via a technical whistleblower line. Evaluate and address the input burnout, provide physically and psychologically safe environments and support security teams with the tools, processes and budgets they need to do their jobs.”

Forrester VP and Principal Analyst Jinan Budge
