In 2022, we saw a large number of cyber attacks and breaches that affected both companies and countries, driven primarily by accelerating innovation by threat actors and continued diversification of the threat actor economy. While many technical responses have been proposed, the policy responses pose a more challenging issue, as companies will need to comply with public policy decisions despite challenging macroeconomic conditions and a persistent lack of skilled professionals to work on cybersecurity.
2023 will be the year where multiple regulatory bodies in the United States express their mounting frustration with a perceived inability on the part of public and private companies to effectively manage their cyber risk. Instead of relying on self-regulation, these regulatory bodies will now prescribe how companies should manage their risks.
In short, 2023 will be the year of risk.
The Current State of Risk
An unprecedented six regulatory entities all have announced separate plans to enact additional rules in 2023 to instruct companies on how to manage their risks:
- The Department of Defense (DOD)
- The Federal Reserve
- The Federal Trade Commission (FTC)
- The New York…
