In this article we echo the data security and privacy predictions in 2023 made by different market analysts. The ever-increasing personal data protection regulations in the world, the need to contain and mitigate information leaks in companies and the changes in digital transformation and collaboration are making the needs for cybersecurity solutions to protect data and maintain the privacy of sensitive data increase day by day.
TABLE OF CONTENTS
- A. Estimated volume of the data protection and privacy market
- B. Top 3 Predictions in the field of data protection and privacy in 2023
- B1. Increased security in the supply chain.
- B2. Expansion of the Zero-Trust security model
- B3. Data-centric cybersecurity will be key to a “data everywhere” world
- C. Technology trends in the area of Data Security and Privacy
What is the estimated market volume of data protection and privacy?
In this article, Gartner estimates that spending on Cybersecurity and Technology Risk Management will increase globally by 11.3% in 2023 growing to $188.3B, influenced primarily by three factors:
- The continued rise of remote work, where companies are looking for ways to secure remote work environments from home.
- The transition to a Zero-Trust Network Access model, which is also the effect of the increase in remote work where VPN protection has become very limited.
- The shift to Cloud models where it is easier for the company to manage the infrastructure.
Reviewing the estimates by cybersecurity segment, we see that by 2023, growth is estimated at over 14.2% in the area of Data Security, and 16.9% in the area of Data Privacy, with an estimated volume of spending of $5,474M between the two. This cybersecurity segment is the fastest growing after Cloud Security and Application Security. If we review IDC’s predictions for the European market, we see that the estimated annual growth is 9.4%, estimated to reach over $66B by 2026. The fastest growth through 2026 in cybersecurity spending is expected in the Czech Republic followed by Belgium, France, Germany and Switzerland. As with Gartner, the shift to remote working and increased reliance on cloud models is seen to have expanded the attack exposure surface of companies. In this case, the Public Administration sector is expected to grow the most based on the following priorities:
- Cloud Workload Protection
- Securing Collaboration Platforms
- Data Security
3 main predictions in the field of data protection and data privacy in 2023
According to the following VentureBeat article, which highlights cybersecurity predictions by Gartner analysts, with the dragging out of the Russia-Ukraine war, organizations must prepare for a continued increase in threats. Based on the predictions made in this article and focusing on those related to data privacy and security, the following can be highlighted:
1. Increased supply chain security
Socio-political changes and privacy challenges among others are increasing exposure to cybersecurity risks in the supply chain. Organizations face challenges in protecting the information and data they share with partners and third parties in the supply chain. A company can apply perimeter security measures when it has its data within the corporate network, but when it comes to supply chain collaboration, this is not so easy to control. According to the report prepared by Ponemon Institute for IBM on the cost of a data leak in 2022, one-fifth of the leaks that occurred in 2022 have occurred as a result of a supply chain attack. Leaks that have occurred in the supply chain are more costly to detect and contain than those that occur within the organization itself. Data that is shared with third parties is at the mercy of our partners’ security systems that we cannot normally control. It is necessary to establish protection measures on the data and information itself so that when it is being used by third parties we can have the same protection controls that we would have if this data were within the security perimeter of the organization. One of the predictions made by Gartner in this report, is that by 2025, 60% of organizations will use cybersecurity risk as a determining factor in establishing business and collaborations with third parties. The cybersecurity maturity of our partners will be positively taken into account when doing business with third parties in order to avoid possible security breaches and non-compliance with data protection regulations.
2. Increased adoption of the Zero-Trust security model
A Zero-Trust Architecture (ZTA) is one that, among other things, continuously assesses risk based on identity and context criteria (e.g. location, device, time of access, data sensitivity, etc.). Risk is assessed on each access to a resource and the minimum necessary privilege is given on the resource. Regardless of whether the resource being accessed (e.g. a document) is internal or external to the network perimeter, the risk must be assessed and a set of access privileges given based on the risk. According to the report prepared by Ponemon Institute for IBM on the cost of a data leak in 2022, it has found that those organizations that have deployed a Zero-Trust security model have saved nearly 1 million Euros on average in data leakage costs in relation to others that have not deployed it. In Gartner’s “Top Cybersecurity Predictions for 2023” Webinar, it is highlighted that by 2025, 60% of organizations will join the Zero-Trust security model, although half of them will fail to realize its benefits. In this case, management support in establishing a Zero-Trust protection strategy is considered essential to translate the advantages of a technical architecture or approach into business benefits.
3. Data-centric cybersecurity will be key to a world of “data everywhere”
According to Gartner, data is proliferating and growing continuously both inside and outside organizations. Data that is collected from third parties must be adequately protected and visibility into it is often very low: 55% to 80% of data stored by the enterprise is considered “dark data,” and is subject to unknown risks. Data-centric security and privacy compliance is critical in a world where data is everywhere, so organizations should focus in 2023 on establishing architectures from a data-centric security approach. According to the predictions made by Gartner in this report, government privacy and protection regulations will reach more than 5 billion citizens. In this case, automation of privacy management programs is key as modern data protection legislation is being established in multiple geographies and jurisdictions.
Technology trends in the area of Data Security and Privacy in 2023
One of the most respected analyses of innovative technologies is Gartner’s Hype-Cycles. The Gartner Hype-Cycle is a graphical representation in the form of a curve that depicts the maturity and adoption of technologies and apps and how they are potentially relevant to solving real business problems and seizing new opportunities. In the following image we can understand the different phases of a Hype-Cycle:
In the area of Data Security we can find the Hype-Cycle for Data Security. For the one published in 2022 and whose image we can see in the following link, we can see how in the consolidation ramp we can find technologies such as Data Classification. Both manual and automatic data tagging tools are becoming increasingly required by organizations for regulatory compliance and the establishment of effective data governance programs. Similarly, data classification appears on the consolidation ramp in the 2022 Data Management Hype-Cycles, or Privacy technologies. At different stages of the cycle we also see technologies related to data-centric protection controls such as CASB, and other privacy-preserving techniques for establishing collaborative data relationships with enterprises, such as Homomorphic Encryption, Differential Privacy, etc. In previous Cloud Security, Identity and Access Management Technologies or Data Security Hype-Cycles we see how E-DRM (Enterprise Digital Rights Management) technologies, such as SealPath, are already at the so-called “productivity plateau”: widespread adoption is starting to take off and the criteria for assessing vendor viability are more clearly defined. The broad applicability and market relevance of the technology is clearly paying off. SealPath enables its customers to:
- Increase supply chain security in the exchange of sensitive and confidential documentation, including CAD designs.
- Successfully implement a Zero-Trust protection strategy in the area of access to sensitive documentation.
- Effectively comply with various data protection regulations.