2021 will be the beginning of a transition toward a new normal. Organizations will continue to adapt to new business models and changing customer expectations simply because they must in the face of economic uncertainty, social movements, and changing geopolitics. This will have significant impact for information and IT security professionals across the globe.
For cybersecurity, here’s what we expect to see in 2021:
- A CISO from a Global 500 firm will be fired for instilling a toxic security culture. Toxic security team culture harms employee retention and hinders recruiting. CISOs are responsible for identifying and addressing such issues on their team, but what happens when the problem stems from the CISO? Empowered employees understand that social media can amplify concerns if their company disregards them. Professional networks once privately shared details of toxic leaders and individuals to avoid, but now that conversation will become public — and rightfully so. 2021 will be a year of reckoning for leaders who create, tolerate, or ignore hostile cultures. CISOs must invest in improving empathy and people management skills and cultivate a positive culture for their teams to thrive in.
- Funding for non-US-headquartered cybersecurity companies will increase by 20%. Startup creation is increasingly a source of national pride and investment in Europe and Asia Pacific. Moves by the EU Commission to promote its digital sovereignty and further economic protectionism in Asia will result in increased funding for regional cybersecurity firms. Multinational firms must give up their single sourcing approach and accept the reality of point solutions based on region. Develop a startup scouting capability to identify promising new regional security technology, build an adaptable procurement and sourcing plan to obtain them, and create standard security guidelines to create consistency across disparate vendors.
- Audit findings and budget pressure will lead to an uptick of risk quantification tech. Struggling firms cut spend on staffing and technology to survive 2020. In 2021, stagnant or declining budgets will require solid justification for spending. Risk quantification solutions that provide insights into the criticality of assets and potential impact of an issue in real time with business context will help security leaders determine what stays, what goes, and where limited increases should go. Examine risk quantification solutions — and their substantial required dependencies — to move beyond the tried-and-true basic business case that was sufficient during the growth years.
And yes, there will be data breaches and ransomware. Read our report for more details and more 2021 cybersecurity predictions.