Hiscox identifies 6 cybersecurity trends for 2023

In recent years, companies have been placing cybersecurity higher and higher on their agendas. In fact, according to theHiscox Cyberpreparedness Report 2022 , cybersecurity is the problem of most concern for 48% of Spanish companies and, in the last year, they have increased their IT budget by 4.7 million euros, reaching an average of 17.7 million, as well as the percentage of it dedicated to cybersecurity, which amounts to 24% of the total.

In a context such as the current one, marked by the acceleration of the digital transition derived from the exponential adoption of new technologies and new work models in companies, cybersecurity opens new fronts every day. As technologies introduce more advances, attacks by cybercriminals also become more sophisticated, introducing novelties such as social engineering techniques, such as phishing or ransomware which, according to the same report, is already one of the most frequent types of crime towards SMEs and already reaches 22%, followed by Denial of Service (38%) and financial fraud (32%).

With the start of the new year, it is always interesting to know where cybersecurity-related risks are going to focus. Therefore, Hiscox C3, a division of the company formed by cybersecurity experts that constantly analyzes the market, trends and portfolio worldwide, has identified the main trends in cybersecurity that will stand out in 2023:

1. Activist-motivated cyber-attacks: the Russian-Ukrainian war has also been celebrated through cyber battles, fought by 'cyber-activist' armies on both sides. In fact, the Ukrainian activist army, calling itself the "Ukrainian IT Army", has around 210,000 members. In recent months, climate protests have also seen an escalation in groups relying on civil disobedience, with actions such as roadblocks or increasing attacks on artworks in major museums around the world. In 2023, climate tension is expected to increase and, with it, the possibility of activists resorting to cyber-attacks.
   
   
2. Fragmentation of ransomware gangs: according to the Hiscox Cyber Readiness Report, ransomware attacks in Spain only accounted for 11% in 2020, compared to 20% in 2021. In the wake of these increases, strong pressure was exerted to stop these cybercriminal groups but when the authorities are close to disabling them, it often happens that these, to avoid being discovered, split into smaller, lower-profile ones and, having fewer resources, seek to operate in a targeted manner by specific industries or geographies. In 2023, it is expected that ransomware will tighten its grip, but also that these small groups of cybercriminals, and the activities associated with them, will increase.
   
   
3. Passwordless authentication and biometrics: the rate of implementation of the security standard in companies has increased considerably in recent times and is already considered a fundamental requirement in the protection of remote services and online accounts. With biometrics now integrated into every modern device, phishing becomes much more complicated, as it requires physical access to the device. Due to its security and ease of use, its implementation is expected to increase by 2023.
   
   
4. Fiber optic cabling: when we talk about cybersecurity, we usually think in digital terms. However, connecting to the Internet requires a physical infrastructure to support it globally. In 2022, there were multiple anonymous attacks on undersea fiber optic cabling between countries, putting daily life and business operations at risk. Attacks such as these are likely to continue in 2023, as they are easy and high-impact targets.
   
   
5. Power outages: one of the effects of the war in Ukraine has been felt in energy supply chains around the world. In this regard, governments have warned that if the struggle to meet energy demand continues, there is the possibility of power outages. This could affect cybersecurity, as data centers could suffer power losses, so that companies could not only have power problems in their offices, but also see their remote work, data storage, etc. affected, which could affect their business activity, even bringing it to a standstill.
   
   
6. Internal threats: In 2022, both households and companies around the world suffered the consequences of high inflation, paralyzed supply chains and a generalized reduction in economic activity. In 2023, this socio-economic situation is expected to continue and, as a result, tension among society will increase. This may have unintended consequences, such as individuals tending to take greater risks or engage in illicit behavior in search of greater economic compensation, as well as experiencing a drop in their morale. Within the company, this could translate into an increased risk of internal corruption, the acceptance of bribes in exchange for information or intellectual property and, in general, financial fraud.

"There is no doubt that the momentum and acceleration of digital transformation has significantly changed the risk paradigm. Over the last few years, we have witnessed both the increase in cyber attacks on companies and the costs they cause them. Therefore, at Hiscox we believe it is essential to work actively to claim the leading role that should be given to cybersecurity and support companies in identifying threats and putting in place the means to help prevent them," says Benjamin Losada, senior Cyber underwriter at Hiscox.