NightDragon Advisors on Trends to Watch for 2023

2022 Wrap Up: NightDragon Advisors on Market Trends and Industry Outlook  

As 2022 comes to a close and we begin to look forward to the New Year, what’s clear is that the cybersecurity, safety, security and privacy sectors are more relevant than ever. With that in mind, NightDragon has collected insights from our Advisor Council into what takeaways they had from the past 365 days, and what trends they expect to see in 2023 and beyond. 

NightDragon’s Advisor Council includes a growing group of nearly 60 renowned industry leaders and advisors with expertise in product, go-to-market, government, executive management and marketing. It also includes highly regarded Chief Information Security Officers (CISOs) who are at the cutting edge of their fields and can provide a buyer’s perspective on the market. 

In an anonymous survey of our Advisor Council at the end of the year, NightDragon Advisors shared their spending patterns for 2022 and whether they expect budgets to increase in 2023. Additionally, Advisors provided insights into what trends they are watching and what technology categories they expect to grow in the year to come. Findings from the survey include:

  • Cyber budgets are going up. 66% of NightDragon Advisors surveyed said their cyber budgets increased or significantly increased in 2022. Biggest investments in 2023 included EDR, incident response, OT/ICS security, supply chain security, identity and access control, data discovery and other areas. 
  • Budgets aren’t slowing down. Nearly 67% said they expect their cyber budget to increase or significantly increase as we head into 2023. They cited investments in data protection, zero trust, incident response, pen testing, OT/ICS expansion, application security, cloud security, identity and other areas. 
  • Biggest risk areas predicted for 2023 included insider threats, ransomware, supply chain threats, phishing and cloud security.
  • Select predictions and trends to watch for 2023:
    • Continued ransomware attacks
    • New regulations regarding cyber 
    • Consolidation and M&A in the cyber marketplace 
    • Increased importance of auditing for cybersecurity posture prior to signing as a third party or software vendor
    • Data and data-centric security continue to be critical 
    • CISOs to reduce the number of vendors they work with and get more efficiency from those in their existing stack
    • Advanced behavioral analytics 

Additionally, we asked some of our Advisors to contribute their thoughts on trends they are watching for 2023. Here’s what they had to say: 

Gary Hayslip, CISO, SoftBank Investment Advisors –

CISOs are uniquely positioned to be the technology/risk focused executive today’s boards need for success – The global business landscape has experienced increased threats in recent years. Through the pandemic, cyber criminals continue to take advantage of immature network configurations as businesses hastily transitioned to remote work operations. In 2020, malware attacks increased 358% compared to 2019, then in 2021 cyber-attacks globally increased another 125% through 2022, and this upward trend has continued. In 2001, the average cost per hour for a data breach was $2054; in 2021 the average loss rate has increased to $787,671 per hour. There is significant impact to business operations being seen from the various threats businesses face today which is why I believe it is important corporate leadership teams and boards of directors have the CISO as a partner and team member. The diverse knowledge, training, and experience CISOs have managing the systemic risk exposure of organizations make them an ideal executive for companies to understand their current technologies, the risks intertwined through business operations, and strategic insight to identify future exposure. CISOs with a strategic mindset are willing to take this next step; we already operate in an advisory capacity so it’s time for them to be recognized as the executive partner they are and accepted as part of the leadership team.

Raja Patel, SVP, Products & Managed Services, Sophos –

Today’s cyberthreats have become too complex for many businesses to defend against on their own, and when coupled with workforce shortages, it further complicates the challenge, increasing risk and exposure to potential attacks. This new reality will require organizations to look for security partners that can provide scaled-out cybersecurity defenses powered by always-on security teams. To keep pace, many businesses will turn to cybersecurity-as-a-service (CSaaS). For some, this means outsourcing all security operations to an outside security specialist. Other organizations will be leveraging CSaaS to augment their existing security teams’ capabilities.

John Kindervag, Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT – Zero Trust Provides Leaders with a Strategic Cybersecurity Vision

I am often asked why Zero Trust took more than a decade to “catch on” and why its adoption is happening so rapidly now. The truth is that there has been robust interest in Zero Trust since its inception. We used to joke that Zero Trust is like Fight Club: the first rule is that you don’t talk about it. There were several reasons for this. Many early Zero Trust environments were deployed in sensitive systems protected by non-disclosure agreements. Additionally, practitioners who wanted to talk about their Zero Trust journey were stopped by their legal or PR teams, who didn’t want “to put a target on our back.” But that all changed when President Biden issued the “Executive Order on Improving the Nation’s Cybersecurity” in May of 2021. That EO stated, “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture…” And boom, Fight Club’s first rule was gone. It is not only okay to talk about Zero Trust; it is encouraged. The President single-handedly changed the incentive structure around Zero Trust. Today, cybersecurity and other leaders demand to understand and implement Zero Trust for their organizations. It’s even a board-level topic. Zero Trust is a cybersecurity strategy designed to resonate to the highest levels of any organization yet be tactically implementable using commercially available technology. The strategic focus of Zero Trust appeals to leaders, and those leaders will drive its growth and adoption over the next decade. So here’s a New Year’s hat tip to the President. Zero Trust thanks you, Mr. President.

This blog is the third in a series of end-of-year blogs regarding the state of the market and what to expect in 2023 and beyond. Read our previous blogs with insights from our portfolio companies here and here and keep an eye out for the next blog in the series with insights from our NightDragon team.

To learn more about the state of cybersecurity, register for our second annual NightVision State of Cybersecurity event on January 3. The event will feature top leaders in government, go-to-market, analysts, CISOs, venture capital and more to talk about market trends and the state of the industry. Learn more and register here.