Cybersecurity is a fast-growing market expected to grow at a 12.3% CAGR from 2023 to 2030. The development of new technologies, the deployment of cloud solutions, the shift to remote work, and the development of IoT devices all play a role in explaining the growing need for cybersecurity solutions. Indeed, there has been an increasing number of cyberattacks as of late, resulting in a 15% annual increase in costs related to cybercrime.

Numerous startups have entered the market to help organisations prevent, detect and respond to cyberattacks. The market counts more than 17k startups today and attracts a considerable number of investors. Indeed, in 2021, cybersecurity startups reached a record amount of $23 billion raised by venture capital. Furthermore, despite a global slow-down in investments, the sector still managed to raise $16 billion in 2022. In this article, we present 5 trends that will drive this market in 2023.

Artificial Intelligence (AI) and Machine Learning (ML)

Cybersecurity experts are increasingly turning to artificial intelligence and machine learning to identify threats more quickly and with more accuracy. According to Capgemini, 61% of companies say they need AI to identify major threats, and 69% believe they will not be able to respond to cyberattacks without the help of AI.

Indeed, AI and ML have many applications in cybersecurity. By analysing large amounts of data, detecting abnormalities and identifying patterns in real-time, AI and ML can identify security threats with more accuracy and speed than humans. Furthermore, they’re able to examine code and spot trends that indicate the presence of malware. Indeed, machine learning algorithms can be trained with vast datasets of known malware to identify new and developing threats.

However, although AI and ML can help bolster cybersecurity, they also introduce new threats and challenges. Indeed, hackers also benefit from the advent of new technologies. They can therefore create cyberattacks using artificial intelligence to their advantage. For example, AI and ML models are subject to attacks like data poisoning, in which a harmful piece of data is deliberately inserted into a training dataset. To protect the security and integrity of AI and ML systems, enterprises must therefore adopt strong security controls, such as limited access, data encryption, and model monitoring. 

UK-based startup, Exalens, has developed an AI-driven platform to automate the monitoring and analysis of security threats across cyber-physical systems. By leveraging AI, their solution can spot threats immediately across a company’s OT, IT and IoT. The latter is of utmost importance today as IoT is highly vulnerable to cybersecurity threats.

Cloud Security

The way we save, access, and exchange data has been transformed by cloud computing. As more companies transfer their apps and data to the cloud, protecting those assets is more important than ever.

Indeed, cloud computing brings a new set of risks and challenges to address in order to ensure the security and privacy of sensitive data. For instance, according to Cybersecurity Insiders’ 2021 Cloud Security Report, 81% of companies stated they had a security issue regarding their cloud environment in the previous year. Security risks were further intensified by the transition to remote work during the Covid-19 crisis. In fact, McAfee recorded a 630% rise in cloud-related attacks in just 4 months, from January to April 2020. Although today businesses are “back to normal”, remote work is still far more prevalent than it was before the pandemic. As a result, the security risks businesses face today remain high. 

Cloud providers’ challenges are therefore increasing when it comes to data privacy, compliance, insider threats, and cyberattacks. In fact, cybercriminals frequently target cloud infrastructure in their attempts to steal client data. To stop attacks, cloud providers must implement robust security measures, including firewalls, intrusion detection systems, and multi-factor authentication. Regarding data privacy, cloud providers must also implement strong encryption and access controls.

Thus, cloud computing and cybersecurity must go hand in hand. A shared responsibility model exists between the cloud service provider and the client. While the customer is in charge of protecting their assets on the cloud, the cloud service provider must protect the cloud infrastructure. Indeed, for security controls to be successful, both sides must cooperate.

In the USA, Abnormal Security has developed a platform for cloud-based email security that integrates with Office 365 and Google Suite. By using artificial intelligence, Abnormal Security can help businesses safely migrate from legacy infrastructure to the cloud. Indeed, the company is able to identify suspicious activity in users’ emails. By analysing identities and the context behind every email received, the startup’s solution prevents inbound email attacks and deletes compromised accounts before any damage can occur.

Social Engineering

Attacks using social engineering are on the rise. According to cyber analysts, social engineering accounts for 80% of cyberattacks annually. A form of cyberattack, social engineering involves psychologically manipulating targets to force them into disclosing sensitive information or acting against their best interests. Social engineering attacks come in various shapes and sizes, but they always rely on taking advantage of human weaknesses to get around technological security measures.

The most prevalent form of social engineering attack is phishing, in which attackers send fraudulent emails, texts, or messages on social media that seem to be from a reliable source. Often, the messages contain a link or file that, when clicked, either downloads malware onto the victim’s device or sends them to a fake website where they are asked to submit sensitive data. Phishing attacks increased and reached more than 500 million in 2022.

Because social engineering attacks depend more on human psychology than on technological issues, they can be challenging to detect and stop. Organisations should put in place security awareness training programmes that educate staff on how to spot and prevent social engineering attacks. Awareness is one of the best ways to protect a business from these attacks.

In 2021, the French startup Tehtris, which develops extended detection and response (XDR)-based cybersecurity protection, partnered with the corporate Proofpoint. The companies agreed to combine their solutions in order to offer a more comprehensive platform to tackle phishing emails.

Zero Trust

Zero-trust is becoming increasingly well-known. A security model described as “zero trust” assumes that no user, device, or application is automatically trusted inside or outside the organisation’s network perimeter. Instead, all users and devices trying to access resources must continuously authenticate themselves and receive authorisation, regardless of where they are or what kind of resource they are accessing. The zero-trust security market is booming and expected to grow at a CAGR of 18.5% from 2021 to 2031. 

There are several principles of zero trust cybersecurity that companies must apply to reduce risks. Examples include:

• No default “trusted” devices or users 

• Access is continuously modified based on user behaviour and other risk factors

• Use of encryption and other data protection measures

• Continuous monitoring of all devices and users

Zero trust cybersecurity enables enterprises to better safeguard their data and resources by lowering the risk of data breaches and other cyberattacks.

The French startup InfraOpS provides a router and a software firewall solution to enable zero-trust architecture in legacy systems without any retrofitting being necessary. The startup’s patented solution works over a physical or virtual machine in the computer network. By enabling zero-trust security, InfraOpS’ routers allow companies to design new networks without worrying about existing incompatible networks.

Talent shortage and compliance

The lack of available talent is one of the primary issues the cybersecurity sector faces. Cyberattacks are getting more sophisticated and prevalent, but the demand for professionals is still outpacing the supply. This has created a problematic talent gap. Due to this shortage, salaries are increasing and it is becoming more challenging for businesses to fill key positions. 2.72 million open positions in 2022 went unfilled because there weren’t enough suitable candidates. There are over 15,000 cybersecurity-related roles open but unfilled in France alone.

This talent shortage can have severe consequences for the security of companies and organisations worldwide, especially when it comes to compliance. Indeed, organisations must ensure their security practices and policies meet the requirements of relevant laws, regulations, and industry standards. Compliance can become difficult to manage without having trained staff with enough knowledge and expertise to oversee it.

Ultimately, cybersecurity will only continue to bring new challenges as new technologies continue to emerge. Businesses and organisations worldwide must avoid the compulsion to put off cybersecurity measures for later. While this can be tempting due to the time and costs security measures typically require, it’s far too risky today. In addition to the financial harm an attack can incur for your business, reputational damages must also be considered. This is especially the case if your business handles customer data. Staying informed and taking concrete steps to ensure your business’ cybersecurity must therefore be a priority for you.

Article written by Coline Broutin, Senior Analyst at Early Metrics.