Security 2022: Prioritising ransomware & consolidation, and what to do about cyber insurance

As the effects of the pandemic continue and the world of work adjusts to the 'new normal', how will companies approach security in 2022, and how will they see the most value from their increased spend?

This is a contributed article by Matthew Middleton-Leal, VP EMEA, Qualys.

Security continues to attract investment from IT, and 2022 will be no exception. According to Gartner, two thirds of global enterprises plan to increase their investment in cyber and information security during 2022. In Europe, IT security spending will rise from $37.2 billion in 2021 and surpass $50 billion in value in 2025, according to IDC.

Behind this, there are several trends affecting decisions on how those budgets get allocated and why spending continues to grow. Looking at these trends, we can make some predictions on how companies will approach security in 2022, and how they will see the most value from their increased spend.

Prediction #1 - Boards will get more involved in decisions around security

The number of successful ransomware attacks - and the size of the costs associated with them - has forced enterprises to take security more seriously. In the past, security could be relegated to a technology problem and left to IT to manage. Today, the costs involved make IT security a business risk problem instead.

In 2022, more businesses will look at security as part of the overall risk management approach, as a successful attack can have a material impact on the business. Boards are also going to become more savvy around digital and IT strategies, rather than leaving implementations solely to the technology function. This will mean that IT security leaders will have to provide regular updates on how successful they are in their work and where they are putting budgets to good use. The biggest change is that those updates will be understood and - most importantly of all - listened to.

Prediction #2 - Cyber insurance premiums will lead to changes in strategy and spending approach

Cyber insurance has grown in popularity as a way for companies to manage risk over the past few years. By taking out policies, companies could mitigate some of the effects if they were attacked. However, many of those early policies are now up for renewal in 2022 and the landscape has changed significantly.

According to one insurance firm, premiums for cyber insurance have risen by 300% in the last quarter. On those new policies, ransomware coverage is being removed, so losses due to those attacks or payments made to attackers will no longer be covered. The debate around paying ransom demands has been a grey area in the past, but this will no longer be the case. It means that cyber insurance is no longer the cheaper option for protecting the business against the impact of ransomware that it might have been in the past.

What will the impact be in 2022? Premiums will rise further, so many organisations will put their investment into more internal security resources rather than paying for an external provider that may or may not cover them when they face a problem. Organisations will have to be a lot more assiduous in their planning around security, particularly around ransomware. This includes preventing vulnerabilities from being exploited by remediating them quickly, and putting a full data backup approach in place to ensure that recovery can be carried out.

In 2022, we’ll also see insurers start to mandate basic security hygiene before they agree to cover any organisation, and they will carry out checks to see that the companies they cover are following those rules.

Prediction #3 - Consolidation and integration will be the mantras for 2022

Over the past few years, companies have invested huge amounts in their security providers, and this won’t stop in 2022. The problem is that, as organisations raced to adopt more tooling, integration suffered as a result. Research by IBM has shown that organisations that deploy over 50 tools are eight percent less effective at detecting threats than those using fewer toolsets.

In 2022, many CISOs will want to make better use of their team and their budget. They have promised the Board that they will run security successfully, and now they have to get this all working together. As part of this, they have to consolidate what they have acquired over time.

This consolidation exercise can help improve security, but it also comes with a number of unhelpful connotations. Firstly, the CFO’s ears typically prick up, as they immediately assume that consolidation will lead to cost savings. Equally, IT teams may think they can find one tool to cover all their use cases and get rid of the rest. Sadly, neither of these is possible straight away.

Next year, we’ll see a greater focus on integration, and at a deeper level than just within the SIEM platform. Enterprises will need to re-evaluate their approaches to integration based on the threats that they expect to see and new ones that emerge. The main benefit of this exercise is that it should free up security staff time to concentrate on improving security across the business and all its operations.

Over time, this can lead to some cost reductions too. This will come from removing old tools where licenses are no longer needed. However, it should not be your primary goal. Instead, concentrate on staff time, as this is probably the most precious resource you have. By consolidating tools and improving integration, you can free up time that would otherwise be wasted.