CISOs must face up to ‘daunting challenges’ in 2023, warns cyber expert

Chief information security officers (CISOs) will face “daunting challenges” next year amidst global economic uncertainty and comprehensive new cybersecurity legislation focused more on businesses’ cybersecurity practices, warns an outlook by Copenhagen-based cybersecurity firm Logpoint. Logpoint chief technology officer Christian Have said that cybersecurity now has the attention of the c-suite, but adds that CISOs need to up their game. He believes that 2023 is the year CISOs will be empowered, and forced, to address cybersecurity from a business perspective. “Adversaries don’t care about risk assessments, nor does the stock market,” said Have. “CISOs must ensure that the organisation can protect against real threats and prove it to the c-suite, demanding more cybersecurity than ever due to the NIS2 directive and grim economic outlooks.” The NIS2 Directive was adopted by the European Council at the end of November. It will set the baseline for cybersecurity risk management measures and reporting obligations across all sectors in the EU covered by the new rules, such as energy, transport, health and digital infrastructure. The revised NIS directive aims to harmonise cybersecurity requirements and implementation across different EU member states. To achieve this it sets out minimum rules for a regulatory framework and lays down mechanisms for effective cooperation among relevant authorities in each country. NIS2 updates the list of sectors and activities subject to cybersecurity obligations and provides for remedies and sanctions to ensure enforcement, explained the European Council. Have predicts five major developments in cybersecurity in the coming year along with adaption to NIS2 These are: The CISO caught between a rock and a hard place Have said the NIS2 directive demands that many organisations strengthen security significantly, while a looming recession will make the c-suite eager to save costs where possible. “The CISOs capable of measuring cyber risk and how effective the cybersecurity setup is in a meaningful way for the c-suite and the technical staff will win,” he said. End-to-end technology leads the CISO out of the dark Cybersecurity teams manage a growing portfolio of security technologies but it’s difficult to measure the efficacy and provide confidence in coverage. “Converging breach and attack simulation with detection, endpoint protection and attack surface management can lead the CISO out of the dark in 2023, uncovering broken processes and shadow IT,” said the Logpoint CTO. Security teams embrace automation Logpoint expects security teams will start taking advantage of automation next year, especially in the mid-market, and the ability to assess automation components by meta-analysis. “The meta-analysis will help drive the CISOs agenda with the c-suite to make the right decisions,” said Have. “It'll make it easier for CISOs to report to the c-suite about general cybersecurity performance.” Cybersecurity technology will protect business-critical systems Logpoint sees CISOs empowered to address the security limitations of business-critical systems such as SAP, Oracle, and Salesforce in 2023. "Applying cybersecurity technologies to business-critical systems will enable the CISO to ensure that invaluable information, such as intellectual property and data about customers, suppliers and employees, will stay protected and that the organisation complies with regulations," commented Have. The XDR bubble will burst In 2023, Logpoint expects CISOs to become increasingly sceptical about extended detection and response (XDR), moving XDR towards the "trough of disillusionment”. “CISOs will learn that XDR doesn't solve all their cybersecurity problems and cannot stand alone. Even though mid-tier enterprises might still consider XDR to cover specific use cases, they'll soon recognise the need for a broader foundation,” concluded Have.

CISOs must face up to ‘daunting challenges’ in 2023, warns cyber expert

Want to read this article?

Read Next

Swedish risk managers told to focus on flexibility rather than resilience

European Parliament votes for ‘hard-fought compromise’ on CSDDD

Rates fall in most regions during Q1 but rise in Europe and US: Marsh

Major cyberattack would hike rates but insurers would ‘brush off’ losses: Lockton Re

Chubb says Q1 saw ‘best rates’ as it books $2bn profit

Swedish risk managers told to focus on flexibility rather than resilience

European Parliament votes for ‘hard-fought compromise’ on CSDDD

Rates fall in most regions during Q1 but rise in Europe and US: Marsh

Major cyberattack would hike rates but insurers would ‘brush off’ losses: Lockton Re

Chubb says Q1 saw ‘best rates’ as it books $2bn profit

Want to read this article?

Read Next

Swedish risk managers told to focus on flexibility rather than resilience

European Parliament votes for ‘hard-fought compromise’ on CSDDD

Rates fall in most regions during Q1 but rise in Europe and US: Marsh

Major cyberattack would hike rates but insurers would ‘brush off’ losses: Lockton Re

Chubb says Q1 saw ‘best rates’ as it books $2bn profit

Related Articles