)
)
We have yet to settle into a “new normal.” In 2022, businesses faced challenges that, while familiar, happened on an unprecedented scale. First, let’s look back at the cultural shifts that influenced the compliance and security sector in the last year.
Contents:
Economic uncertainty
In the fall, the International Monetary Fund reported a “broad-based and sharper-than-expected slowdown” in regards to global economic activity, with skyrocketing inflation rates not seen in decades, apart from the critical phase of the Covid-19 pandemic.
The high cost of essential goods around the globe, dubbed the “cost of living crisis,” is putting pressure on already stretched-thin households. In the United States, the situation can be characterized as in or heading towards recession, depending on how you crunch the numbers.
Rapid evolution of cybercrime
Cybercrime never sleeps. In 2022, the volume of global cyberattacks increased by 38%. And as the industry grows, it continues to evolve. Cybercriminals and gangs are quicker than ever to adapt to vulnerabilities with tactics that, more often than business owners would like, succeed.
In particular, after an already banner year for ransomware in 2021, the presence of this attack vertical in breaches rose yet again last year by 13%. That represents an increase greater than the previous five years combined — bringing the number of breaches where ransomware is involved to one in four.
By 2027, the industry is expected to meet or surpass the United States’ GDP, at a whopping $23.84 trillion. This surge will vastly exceed the acceleration that we have observed in recent years.
Job market volatility
Last year started with well-founded concerns about the “great resignation.” Indeed, 2022 proved to be a record-breaking year for resignations in the United States, topping 50 million and outpacing 2021’s numbers.
But soon enough, a new disruption to the workforce began to make headlines: mass layoffs. Google, Spotify, Amazon, and Salesforce, among other companies, dismissed significant portions of their respective workforces as a cost-cutting measure.
Data privacy legislation
Countries and regions are increasingly adopting GDPR-esque legislation protecting personal data privacy, including the United States. California, Virginia, Colorado, Connecticut, and Utah now have dedicated consumer data privacy laws protecting consumers’ personal data. And all but California’s, in effect since 2020, come into force in 2023.
How did these conditions impact compliance?
In the corporate world, no sector or department was immune to the challenges of the last year. However, compliance and security seemed to have taken a direct hit. Here’s how.
Fewer resources
The economic downturn means less profit and therefore less spending for businesses. A tighter budget means businesses are less likely to invest in new compliance and security-enabling software and programs.
At the same time, workforce turnover from layoffs and departures has left some teams understaffed — which can throttle compliance and security initiatives in two ways. First, compliance and security departments may be directly impacted, resulting in a loss of institutional knowledge and disruption in ongoing projects.
Second, fewer team members overall mean all departments may be stretched thin, increasing individuals’ workload. And when individuals are overworked they are more likely to neglect or deprioritize security protocols.
Higher cyber risk
Cybercriminals’ herculean efforts paid off last year. Hackers succeeded in breaching several high-profile companies including Uber, LastPass, Samsung, and Twilio. What’s more, of this sample, all but Uber have been criticized for handling the cyber incidents poorly, compounding the reputational damage they suffered.
For many leaders, these well-publicized breaches put them on high alert. Others did not have to look to the headlines for inspiration, having suffered an attack themselves. In fact, though it might not make the news, small and medium-sized businesses with between 11 and 200 employees are top targets of cybercriminals and suffer the most ransomware attacks.
All told, the heightened risk left businesses with a renewed focus on bolstering security, potentially beyond meeting compliance standards: to build tougher resilience in an increasingly risky environment.
More measures
The introduction of new laws pertaining to data privacy means more mandatory standards for compliance professionals in the applicable states. Meanwhile, so-called voluntary compliance certifications are quickly becoming the new standard to build trust among business partners and privacy-conscious consumers.
This renewed pressure on achieving emerging mandatory and “voluntary” compliance standards, combined with the all-too-common situation of suffering a cyber event in real time, pushed compliance and security professionals into a reactive position.
Summary
Uncertainty and the acceleration of cybercrime have fostered a high risk cyber climate — with businesses fearing the fallout of a data breach or dedicated attack. Accordingly, interest in conforming to compliance certifications as a means to establish best security practices has increased.
At the same time, the bar for mandatory compliance standards, both regulatory and legislative, has continued to rise.
Both trends toward more rigorous standards are happening as resources are stretched thin, due to workforce and economic instability.
What does all of this mean for compliance in 2023? Read on for lessons learned and predictions.