What is cybersecurity?

Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks. These attacks are often aimed at accessing, changing, or destroying sensitive information.

Ransomware is a type of malicious software that encrypts a victim's files, making them inaccessible until a ransom is paid to the attacker.

What is compliance in finance?

Compliance in finance refers to the process of adhering to laws, regulations, and guidelines set by governing bodies to ensure ethical and legal business operations.

What is risk management?

Risk management involves identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of unfortunate events.

What is digital transformation?

Digital transformation is the integration of digital technology into all areas of a business, fundamentally changing how it operates and delivers value to customers.

Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > What’s new for 2023: predicting the impact of a changing world on cyber risk

Technology

What’s new for 2023: predicting the impact of a changing world on cyber risk

Published by Jessica Weisman-Pitts

Posted on December 8, 2022

6 min read

Last updated: February 2, 2026

Futuristic digital landscape representing cyber risk and technology trends for 2023 - Global Banking & Finance Review — A futuristic graphic illustrating the interconnectedness of technology and cyber risk in 2023. This image relates to the article's exploration of the changing cybersecurity landscape and its implications for businesses.

More of the same

The truth about the cyber risk and threat landscape is that it doesn’t simply change with the calendar year. In reality, many of the trends we’re likely to see in 2023 will be a continuation of those we’re already pretty familiar with. As the economic picture worsens, more emphasis will fall on IT leaders to support efficient growth, cost savings and productivity. That means outsourcing more of the infrastructure heavy lifting to cloud computing providers. This will help to keep remote workers online and power better customer experiences. But the expanded attack surface will be a challenge. One recent study found that over two-fifths of organizations felt their attack surface is “spiralling out of control.” Expect this figure to grow in 2023.

The rush to trim costs and drive efficiencies may also imperil security budgets themselves, especially among SMBs. That would be a mistake, given the potential financial and reputational costs that could stem from a serious breach. Fortunately, IT spending is forecast to continue rising, with security accounting for the biggest share of software. Whether there are enough skilled infosecurity practitioners in-house to manage these products is another matter. Outsourcing elements of the function like SecOps to specialist third-party providers is likely to become increasingly common as skills shortages worsen and staffing budgets feel the pinch.

Ransomware leads the field

What of the threat landscape next year? It’s difficult to think of anything other than ransomware continuing to be the number one risk to businesses in 2023. The Putin regime will continue to harbor some of the world’s most prolific ransomware actors, and as long as their tactics, techniques and procedures (TTPs) continue to bear fruit, little is likely to change. Growth in the volume of attacks might not hit the 93% year-on-year rise we saw in 2021, but for network defenders the relative success of ransomware-as-a-service will mean more attempts to steal, encrypt and hold to ransom their most business-critical data. We may even see the emergence of more groups like the infamous Lapsus$ collective. These will not even bother to deliver a ransomware payload, and instead simply seek to extort their victims with the threat of releasing sensitive internal and customer data.

Businesses will not only face a surging threat from Russian hacktivists, but also state-sponsored actors in 2023. Geopolitical tensions show no signs of abating thanks to war in Ukraine, Chinese nationalism, perennial North Korean provocation and an unstable Iran. Increasingly, cyber-attacks are being used by nations to project hard power, achieve geopolitical goals that diplomacy cannot, and even generate funds for isolated regimes. Whereas once the targets for such attacks were limited to governments, military and defense firms, today they could encompass a large range of critical infrastructure providers and even supply chain partners.

That leads on neatly to one of the other key themes of 2023: supply chain threats. It could be digital suppliers like software firms that are compromised to insert malware into updates, as per the SolarWinds attack. It could be managed service providers that are compromised to infect downstream customers. Or it could be a single partner like a law firm targeted for the data it holds on its clients. Whatever the cause, organizations will need to move from point-in-time, questionnaire-based partner assessments once or twice a year, to continuous risk management.

The cost of compliance

Business leaders should be treating these trends and threats with a certain degree of urgency. Why? Because of the increasingly complex and expansive regulatory landscape. Gartner predicts that by the end of 2024, three-quarters (75%) of the world’s population will have its personal data covered by privacy regulations. Although following the lead of the EU’s GDPR, many new laws have even harsher penalties such as jail time for executives.

It’s critical that organizations keep a close eye on developments and seek out technology that can help to reduce the scope and cost of compliance of such regulations, by keeping data secure but still usable. Gartner predicts that privacy-enhancing computation technologies like data masking and encryption will be used by 60% of organizations in this way by 2025, in use cases like cloud computing and analytics. Crucially they can also help to mitigate the risk of accidental leakage, such as via misconfiguration of cloud systems. And they could help to minimize legal risk as more legal action is taken next year in light of the “Schrems 2” judgement on EU-US data flows.

A changing market

What does all of this mean for IT security buyers? With the average enterprise running 76 discrete security tools, consolidation is the likely direction of travel over the coming few years. That means eliminating data silos and migrating to platform-based offerings – to reduce licensing costs and coverage gaps as well as make things easier for an IT security function increasingly stretched by talent shortages.

The idea of a “cybersecurity mesh” architecture very much follows these lines. By 2024, organizations adopting such an approach will reduce the financial impact of security incidents by an average of 90%, according to Gartner. It offers a promising way to manage what is an increasingly distributed and exposed IT environment. This is also where data-centric security technologies like encryption and tokenization will play an important role. Compatibility and ease of integration will be key selling points as CISOs head for simplicity and control in 2023.

Author Bio:

Thomas Stoesser is a cybersecurity expert who is responsible for product management and marketing at comforte AG, where he is dedicated to developing and launching data security solutions that meet ever-increasing risk and compliance requirements.

He has spent 20+ years in software technology organizations helping shape and create solutions for enterprise and government customers. Thomas has held senior-level positions in sales engineering, product management, and product marketing in companies like Crystal Decisions, Business Objects, and Software AG.