Five 2023 Cybersecurity Predictions by Doug Dooley

Doug Dooley, COO, Data Theorem

1. Security automation will be a high priority in a down-economy with hiring freezes. Many IT security projects will be delayed or put on-hold because of staff shortages and budgets cuts. Compliance, regulatory, and critical services will triage to the top of the priority and budget list for most IT security teams. Automation of processes previously done by staffing and manual efforts will be one of the top projects in 2023 to remedy resource reduction and constraints.
2. Security budgets will remain strong for cloud but deeper cuts coming for legacy on-premise. Businesses will need to triage IT projects and rank what areas of security matter most in their budgets. In the past, additional budgets were necessary to cover cloud-native applications and “lift-and-shift” migrations to the public cloud. In 2023, the overall budgets will need to shrink for many organizations. The cloud budgets will remain in tact but deeper cuts (20-60% annual reduction) will be applied to legacy systems/teams, especially those unable modernize and migrate to the cloud.
3. Soft-layoff period will continue for 6-18 months with major tech companies forcing employees back to the office. Many technology workers will resign from their comfortable, high-paying jobs at larger employers. Some of the smaller companies and high-growth startups offering more flexible work-from-home (WFH) roles will become more attractive. However, small and large companies alike will start hiring freezes and not allow for backfilling of positions lost in 2023. The net result will be less employment opportunities and eventually less job-hoping in 2023 despite the talent shortfall in IT security.
4. CISO shortage. CISO exodus. Chief Information Security Officers (CISOs) have a rare combination of business acumen, operational knowledge, technical insights, and legal/compliance experience. The best ones are well-respected, hard to attract, and expensive to retain. Starting in 2023, we will see a growing trend of experienced CISOs exit and retire to other opportunities like joining security and technology vendors, startups, investors, and board members.  The risk-reward ratio of career CISOs has many re-thinking whether this is an ideal profession when facing legal action, shouldering undue blame from board members, or even jail-time after a security breach has gone poorly.
5. Business travel and in-person gatherings will be a premium draw and differentiator. Companies will continue to downsize their office footprints globally. However, the strongest organizations will use the cost savings gained from lower real-estate costs to re-invest into premium and sometimes luxurious in-person gatherings. Whether it’s industry events, customer meetups, team-building excursions, and/or corporate off-sites, businesses of all sizes will start to experiment and invest in different approaches to bring the “tribes” of IT and security professionals back together. The security world has always been tribal and secretive by default. After two plus years of lockdown, these tribes of infosec professionals are ready to get back together for rediscovery, edutainment, and fun.