2021 was an eventful year for the cybersecurity world. According to SonicWall, 470 million ransomware attacks in the first three quarters of the year alone constituted a 148% increase from the same period the year before, making 2021 the worst year on record. From double extortion ransomware attacks and Ransomware-as-a-Service (RaaS) to supply chain risks like the Apache Log4j Vulnerability, threat actors have diligently kept businesses on their toes with an ever-evolving medley of novel tactics. In fact, ‘cybersecurity failure’ was ranked a top 10 global risk alongside ‘climate action failure’ and ‘infectious diseases’ among others in the recent World Economic Forum Global Risks Report.

Infographic by Visual Capitalist

Like Greentech and Healthtech, cybersecurity innovation is a never-ending economic opportunity because threats are always evolving. In 2021, an unprecedented $21.8 billion in venture capital was invested into cybersecurity companies – a nine fold increase over the past decade. By mid-2021, cybersecurity funding had already surpassed the total funding of 2020. ICE71 start-ups that have benefitted from the boom include Keyless, SecurityAdvisor and Build38.

Singapore’s cybersecurity start-up scene also made considerable progress with 6 cybersecurity deals worth US$408.2 million closed in 2021, 10 times of what was raised the previous year. While funding activity in the region has not quite matched up with the bustle in other cybersecurity hubs of the world, it is likely to intensify as more movers and shakers like Snyk set foot on our shores. (You can hear more about Snyk’s story in this ICE71 webcast on how to raise funding amid the pandemic.)

With increasingly competitive funding rounds, winning pitches will need to show their ability to address biggest threats and challenges looming ahead. We got together ICE71 start-ups to contribute their cybersecurity predictions for 2022.

2022 Cybersecurity Predictions by ICE71

1. Ransomware Causing Life-Threatening Consequences

Put the proliferation of inadequately regulated payment methods and the mounting pressure to pay ransom together and we get the winning formula used by successful threat actors. More actual physical damages (think fires, power shutdowns, human casualties, etc.) should be expected as ransomware targets expand to Internet of Things (IoT) and Industrial Control Systems (ICS). Not only are hackers finding new vectors to hold organizations at ransom, but techniques will also continuously evolve “creatively” to evade detections and decryption. Venkat Ramshet, Founder of FlexibleIR foresees that social engineering attacks will be prominent and adversaries may move from encrypting data to distributed denial-of-service (DDOS) attacks or defacement of websites. Adversarial attacks are unpredictable, and organizations must practice cyber resilience.

2. More Cybersecurity Regulation

Dr Magda Chelly, CEO of Responsible Cyber, believes there will be more regulations in place to tackle the ever-increasing threat of ransomware and payments for ransomware. In fact, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has declared ransomware payment illegal. 

Beenu Arora, Founder and CEO of Cyble, sees that the staggering record of breaches are getting regulators’ attention to impose penalties on organisations to do their due diligence. He believes that we will continue to see law enforcement in the private and public sectors crackdown on organised cybercrime rings. However, he likened the relationship between law enforcers and bad actors to a “whack-a-mole” game – when one adversary is taken down, others will take its place.

3. More Focus on Cyber Risk Quantification

With more organisations willing to invest in cybersecurity, there will be more focus on measuring the financial risks of cyber threats and solutions. Cyber Risk Quantification helps leaders to demystify cybersecurity and make more informed decisions. 

As the Greek philosopher, Heraclitus once said: “change is the only constant”. The world of cybersecurity is increasingly filled with more uncertainty, and it is expected that the attacks will continue to evolve, with the approaches becoming more sophisticated. Beenu concludes that even with the everchanging landscape, the basics still hold true: Practising cyber hygiene, keeping awareness programs, having strong governance, and treating cybersecurity as a technical problem are the basic attributes to being cyber resilient.

What used to be exclusively left to the organisation’s savviest individuals (aka the IT department) to deal with is now everyone’s collective responsibility as organisations brace themselves for greater threats and disruptions ahead.

Did someone share this with you? Get the latest cybersecurity start-up news and opportunities directly by joining our mailing list.