Cybersecurity: a year in review


Read the full report

Over the past year, cybersecurity has become an even more crucial part of everyday life and a top priority for businesses and governments around the world following several critical attacks against the public and private sectors. In a new twist, the use of cyberwarfare as a Russian tactic in its invasion of Ukraine has resulted in a further escalation of near-term cybersecurity efforts and expenditures, including increased government regulation and legislation, in particularly in Europe and the United States. . And the statistics speak for themselves. In March 2022, Thales Research reported that one in five (21%)* global organizations had experienced a ransomware attack in the past year, with 43% experiencing a significant impact on their operations. Additionally, nearly one in three global businesses have experienced a data breach in the last 12 months. In terms of preparedness, Venafi reports that only 50% of U.S. businesses have a cybersecurity plan, and only 43% are financially prepared, as the total cost of cyberattacks last year soared to over $6.9 billion. of dollars. The number of attacks (and, for organizations that are unprepared, the costs associated with them) is expected to grow exponentially as the methods and tactics used by sophisticated hackers continue to evolve, making cybersecurity a non-negotiable necessity in today’s highly digitized world. . The hacks and breaches witnessed over the past year have proven just how serious the implications can be for the functioning of the global economy, whether it’s an attack on a natural gas supplier or a semiconductor manufacturer. We’ll review some of the key cybersecurity-themed developments over the past year, including some of the most recent government regulations, notable hacks/breaches, and a flurry of M&A activity that signals a continued maturation in an industry with strong fundamentals and a number of secular tailwinds for continued growth.

Accelerated regulation

Cybersecurity has become a top priority for President Biden over the past year in response to the increase in the number and overall sophistication of cyberattacks not just in the United States but around the world. A study published by Check Point (CHKP) reports that cyber attacks have increased by 16% worldwide since the start of the Russian war against Ukraine in February 2022. To increase visibility and awareness of cyber incidents in the United States, Biden signed new cybersecurity legislation. On March 15, 2022, requiring critical infrastructure operators to report hacks to the Department of Homeland Security within 72 hours and 24 hours of ransomware payments. Also in March 2022, the Securities and Exchange Commission (SEC) voted to propose two new cybersecurity rules for public companies: mandatory reporting of material cybersecurity incidents on a Form 8-K within four business days of the incident; and required disclosures about company policies to manage cybersecurity risks, including updates on previously reported significant cybersecurity incidents. Additionally, the United States House of Representatives passed two cybersecurity bills in July 2022. The first bill drafted by Congressman Bilirakis requires the Federal Trade Commission to report cross-border complaints involving ransomware and other cyber threats. The second bill, the “University Leadership in Energy Cybersecurity Act,” directs the Department of Energy to establish an Academic Leadership in Energy Cybersecurity Program. Ahead of the US midterm elections in November, the Cybersecurity & Infrastructure Security Agency (CISA) released a toolkit to improve the cybersecurity and cyber resilience of election infrastructure. Cyber ​​efforts have also increased outside of the United States. The UK government added strict telecommunications security rules to its existing Telecommunications (Security) Act in March this year, which was originally passed in November 2021 to help defend the country against cyberattacks. Additionally, in March 2022, the European Commission (EC) proposed new cybersecurity rules to ensure uniform security measures across EU institutions, bodies, offices and agencies. According to the EC, the proposed rules “establish a framework for governance, risk management and control in the field of cybersecurity. This will lead to the creation of a new inter-institutional cybersecurity council, strengthen cybersecurity capacities and stimulate regular maturity assessments and better cyber hygiene. In May 2022, the European Commission accepted a political agreement between the European Parliament and EU Member States on a new Measures Directive for existing rules on the security of network and information systems (NIS Directive) throughout the Union. This strengthened directive covers “medium and large entities in a greater number of sectors critical to the economy and society, including providers of public electronic communications services, digital services, wastewater and waste management , manufacturing of critical products, postal and courier services and utilities”. administration, both at central and regional level. Government entities in smaller countries have found themselves increasingly exposed to cyber threats due to a lack of resources and spending to prevent breaches, ransomware and other cyber attacks. For example, 27 government entities in Costa Rica were attacked in April-May 2022, and among the most affected were the Ministry of Finance and its two portals, the Tax Administration Virtual Portal (public tax collection portal) and information technology for Customs Control Portal. The attack caused a delay in the payment of pensions, salaries, grants and tax collection.

Read the full report


nasdaq

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button