What are your business’s plans for cybersecurity in 2023? For some companies, it’s a case of consolidating existing protections. For others, it might be time for an overhaul of how staff log into and access systems. You could be looking to hire a new CISO, or other security specialists.  

Whatever your cybersecurity strategy for 2023 looks like, it’s worth taking a step back and looking at broader trends in the field too. With a recent IBM survey finding that 83% of respondents experienced some sort of breach in 2022, it’s clear that the battle against cybercrime will remain a top priority going into the new year. So, by getting informed of emerging trends, you’ll be best prepared for what 2023 brings. 


9 Cybersecurity Trends of 2023

Here are 9 trends that we expect to emerge or become increasingly common across industries in 2023. Have any questions? Ask us


1- Zero trust becomes the norm 

‘Zero trust’ is a relatively new way of approaching cybersecurity. It essentially involves all users being authenticated and continuously validated when they access your systems. Rather than allowing people to access all your content after a single login, they must instead prove who they are each time they want to view new files, download data or perform other tasks. In this way, it’s much harder for hackers to ‘move sideways’ and access more information once they get inside your systems.  

Zero trust will be increasingly adopted in 2023 as more companies implement the underlying technology and processes to make it work.   


Primer: Read our introduction to the zero-trust model 


2 – Active threat detection will grow 

Cybersecurity has often taken a fairly ‘passive’ approach to threats – waiting for breaches to happen, rather than actively seeking them out. However, in 2023, we predict that more firms will take an active approach to threat detection. There are now several technologies which use AI to seek out anomalous behaviour on your systems and alert you to it before it has a chance to do as much damage.  


3 – New cybersecurity regulations will kick in 

Every year brings a wave of new local, regional or international rules and regulations around improving cybersecurity. One of the big pieces of legislation to keep your eye on this year is DORA, an EU law affecting financial services providers and their suppliers. DORA essentially requires them to demonstrate their resilience against breaches.  

Cybersecurity in the era of hybrid working 


4 – Skills shortage to continue 

Despite predictions of a recession, the jobs market in the UK and Europe remains incredibly tight. This means that the pervasive cybersecurity skills shortage will continue affecting firms, and IT staff with expertise in this area will continue to command high salaries.  

5 –
The concept of ‘security experience’ will emerge 

There’s an argument to be made that many breaches happen because following cybersecurity processes is just too onerous. Employees are tempted to choose weak passwords, click on dodgy links, or use unsecured public Wi-Fi precisely because following their companies’ security protocols is hard, time-consuming and confusing.  

 And this is where the concept of ‘security experience’ comes in. Just as firms have improved products by focusing on ‘customer experience’ or retained employees by thinking about the ‘employee experience’, security experience is about taking a fresh look at your protocols, how they’re explained to people, and finding ways to make it easier to follow best practices.  


6 – State-backed hacking continues 

In 2022, we saw a huge uptick in cyberwarfare, most visibly, of course, around Russia’s invasion of Ukraine. There have also been several other cases of state-backed hacking, particularly of rogue states targeting critical infrastructure. This seems very likely to continue in 2023.  


7 – Password-less security becomes more common 

While most employees still login to company systems with a username and password today, a growing number of businesses will begin supplying password-less methods for logging in. It seems likely that many more company-provided fingerprint readers, iris scanners and facial recognition tools will be given to employees to make logging in more secure.  


8 – Ransomware will target ‘stressed’ industries 

In 2022, we saw numerous examples of ransomware attacks on ‘stressed’ industries – be that manufacturing, energy, or retail. These sectors are already dealing with reduced profit margins, supply chain issues and staffing shortages. They, therefore, make easy targets for malicious actors looking to exploit vulnerabilities. Put simply, firms in financial trouble are more likely to pay up a ransomware demand.  


9 – Artificial Intelligence will be used more heavily in cybersecurity 

In 2023, we expect AI to be used much more widely in organisations’ cybersecurity practices. This technology can help proactively seek out possible breaches, investigate unusual behaviour, and generally provide support to IT teams who just don’t have the time or resources to review every possible threat.  

What is Microsoft 365’s ‘Secure Score’? 

What’s your 2023 cybersecurity strategy?

As 2023 begins, now is a good time to take stock of your cybersecurity protocols, prepare for emerging trends, and refresh your strategy.  

And FITTS can help. Our highly experienced cybersecurity experts can support you with training, implementing new technologies, or designing a security posture that matches your needs and the threats you face.  

Contact us today for a no-cost, no-obligation security assessment, and go into the new year prepared for whatever trends and threats emerge.