2021 cyber predictions from LORCA and our ecosystem //18.12.20
We rounded up the LORCA ecosystem to explore the trends that will dominate the UK’s cyber sector in 2021.
The profile of cybersecurity will rise exponentially across the tech sector – Saj Huq, director, LORCA
“2020 was the year that cyber’s role in protecting the fabric of our economy and society became crystal clear. There have been deliberate attempts to undermine our healthcare system right at the moment when it was most vulnerable.
Meanwhile, malicious attackers have been waging disinformation campaigns at an individual, institutional and national level and nation states have sought to improve their cyber capabilities.
This has all served to raise the profile of cybersecurity, so in 2021, the tech sector at large will have a much greater appreciation of the fact that security is intrinsically linked to all technology. If we’re going to make the great technology leaps we need to make to solve big challenges like climate change and reducing economic inequality, this link has to happen. And, given the year we’ve had, 2021 could be the year it happens.”
Cyber hubs in the UK will move closer together – Andrew Roughan, managing director, Plexal
“At LORCA, we’ve deepened our links with cyber hubs in the UK, in particular Cardiff, Cheltenham, Manchester and Newcastle, over the last few years. In 2021, this interconnectedness will only ramp up.
London is the best place in Europe to start a tech business and launch into international markets. At the same time, we have deep cyber expertise in hubs dotted across the UK, from Manchester and Belfast to Edinburgh and Yorkshire. As the UK government continues with its levelling up agenda, London will retain its position as the country’s tech hub but you’ll see it having a much closer relationship with regional hubs and the north-south divide will become less stark. Cyber will be at the centre of this paradigm shift and it’s already well underway. Certainly at LORCA we have a huge appetite to engage more deeply with the academic institutions, startups and sister programmes across the UK.”
Organisations will become more engaged with startups and work with them in more agile ways – Will Sayer, innovation associate, Plexal and LORCA
“2020 has made large organisations across sectors fast track digital transformation and embrace agility they might have otherwise baulked at. This year has been about survival and understanding the risk they’ve taken on but next year these organisations will focus on working with the cyber innovation ecosystem to not just plug the security gaps but to enable collaboration and agility. We’re already seeing large organisations in our network become more proactive and agile when it comes to the way they engage with startups and we think 2021 will bring more pilots, proof of concepts and contracts coming the way of startups.”
Disinformation will move into the cyber mainstream – Russell Gundry, head of innovation strategy, LORCA and Plexal
“At LORCA we’ve noticed that consumer and corporate awareness of disinformation has risen this year. We experienced an infodemic 2020, with disinformation being used as a delivery mechanism to deploy malware and as a tool to cause damage to corporations.
In 2021, we’ll see more cyber startups use their existing technology, or build on it, to tackle this growing market need.”
AI based solutions will help organisations secure their supply chains – Dave Rowley, commercial director for cyber, LORCA and Plexal
“Organisations have onboarded a huge amount of risk this year in the name of agility. This means their supply chains are even more complex, and in many cases the organisations skipped the usual due diligence because they needed to collaborate quickly. We will see more organisations turn to AI-based solutions to help them have real-time visibility across the supply chain – just vetting suppliers during the onboarding process won’t be enough.
From what industry tells us, we’ll also see louder calls for a framework, a common taxonomy, so suppliers aren’t having to grapple with different approaches for different vendors.”
It will be even more challenging for early-stage startups to stand out – Grant Wade, client manager, LORCA
We’ll continue to see a very healthy growth rate of cyber startups, which will make it even harder for industry and investors to differentiate between them. The UK’s cyber ecosystem is maturing and we’re seeing companies scale by partnering with platforms, attracting large rounds of investment and integrating into the existing security architecture of enterprises. Spinouts and startups will have to work extra hard to build trust in their solutions, and in this environment the role of a vendor-neutral party that can vet them and connect them to potential buyers, partners or investors will become crucial.
Individuals will continue to be targeted – Alanna Murphy, innovation associate, LORCA
“The way we work and live has transformed in 2020, and this monumental shift to a 100% reliance on technology for our everyday needs means the sector has a collective responsibility to protect individuals – not just businesses – from the endless slew of online threats.
We’ve seen ransomware increase this year as criminals set their sights on people who might not have ordinarily conducted so much of their lives online. And as even more people come online for the first time next year, this will continue. From deepfakes targeting women to ransomware directed at the elderly, 2021 will see cybersecurity become even more embedded in mainstream consciousness and the innovation community will need to step up to defend everyone.”
Cyber compliance will embrace automation – Ruby Motabhoy, innovation consultant, LORCA
“Managing compliance around personal devices, home workers, and multiple networks reached new levels of complexity in 2020, so any solution that makes cyber compliance easier is going to have a warm welcome in 2021.
Bigger players like Amazon Web Services will see more demand for their automated regulatory services, but startups offering light-touch ways to automatically visualise, audit and manage data protection processes will also play a key role.”
The Internet of Things and cyber-physical threats will spearhead more collaboration – Bruno Sussat, business strategy lead, LORCA and Plexal
“The attack surface will be more complex than ever thanks to 5G, the further spread of the Internet of Things and the digitisation of critical national infrastructure. Throughout the year, manufacturers, mobility innovators, insurance companies, city leaders and private sector organisations have told us that they want to collaborate to have greater visibility of the threat landscape and work together to manage security risks. It’s not always clear where the risk and responsibility lies, so a siloed approach simply won’t work. Startups that enable this secure collaboration will be in high demand.”
Cyber defence will become more proactive and joined – Andy Bates, executive director for the UK, Middle East and India, the Global Cyber Alliance
“Instead of security just sitting behind your firewall, there will be more active tools to allow the reporting and taking down of criminals domains. We’ve seen this with NCSC this year and the 7725 spam text number, but this evolve into a more proactive, global and cohesive defence ecosystem.”
Cyber will integrate with other sectors that have a huge societal impact – Bruce Gregory, managing director, Hub8
“The future for cyber is all about how it integrates with other sectors. Cheltenham, home to GCHQ, has one of the most established cyber ecosystems and we’re looking forward to making it an integral part of the region’s community. From creative to culture, agri-tech to AI, cyber will form a part of the fabric of our society. We’ll be delivering two new innovation platforms that will help make this happen by enabling new collaboration and innovation between government, industry, academia and the community.”
Organisations will need to embed trust into services and products – Margarete McGrath, chief digital officer, Dell Technologies UK
“2021 will be an exciting year for advancement in cybersecurity. The pandemic has made many leaders more aware of the central role cybersecurity has in enabling a remote workforce to continue serving clients and employees. As organisations continue to support remote operations, we believe there will be an increase in the focus placed on securing devices and the network. Building on the principle of zero trust, organisations will look to ensure that businesses constantly verify and authenticate employee and customer data. This will help organisations to embed trust into services and products by securing data, protecting and building consumer confidence.”
Legacy systems and practices will be one of the biggest pain points for large organisations Raj Meghani – chief marketing officer, BlockAPT
“Legacy systems will continue to become a loophole for many cyber attackers and pose an even bigger headache for CTOs. Organisations have moved far more of their digital infrastructure into the cloud to accommodate remote working, which has prompted them to take a zero-trust approach. However the challenge is that this is combined with legacy systems. The technical and cultural transition away from old systems and ingrained practices will be a major pain point in 2021.”
Untracked internet assets will be the major reason for breaches in 2021 – Sudhanshu Chauhan, director and co-founder, RedHunt Labs
“With modern IT infrastructure in place, combining the cloud, third-party services, and modern deployment practices, the definition of an asset has evolved in the last decade. The ever-evolving attack surface is hard to secure with traditional one-time security assessments. Failing to identify and track such assets continuously could lead to major breaches in the future.”
Standards will make businesses invest in mobile app security, Ivan Kinash, co-founder and CEO, Licel
“The pace of change in app development can be so quick that sometimes regulators struggle to keep up. Take the healthcare industry, for example. Apps are being released all the time that shift the traditional patient-doctor or patient-government relationship to a digital setting. But the risk is that a lack of guidance and regulations around security acts almost like an invitation to hackers. In 2021, we expect governments and regulatory bodies to implement security standards in healthcare more speedily like you see in the financial industry. A good example of this is the PCI CPoC standard, which arrived quickly to provide security and testing requirements for apps that accept payments.”
Cyber insurance will increase its footprint – Jonathan Kaplan, director of innovation analysis, SOSA
“In the past few years, a new layer of technologies and services has been added on top of cyber protection, intelligence and risk management. Insurance for cyber incidents and attacks have received acknowledgements both from VCs investing in cyber insurance companies, as well as leading insurance brands taking an active part in mitigating and covering damage caused to businesses and individuals. We expect to see more services, solutions and investments in this space in 2021.”
Organisations will need to review the security implications of COVID-19 business continuity measures – Stephen Wray, director, Cyber Risk Services, Deloitte
“During the pandemic many organisations have turned to new technological infrastructures to enable operational resilience, scalability and adaptability. These measures were accompanied by changing risk appetites, where ensuring the continuity of critical services and operations became a priority – sometimes at the cost of security. In 2021, organisations will need to review the security implications of the decisions they made during the early days of the pandemic. They will need to map out their assets, vulnerabilities and in some cases retrofit security and risk management controls. This is likely to lead to a renewed focus on basic cyber hygiene and a hardening of the infrastructure.”
Privacy and data security will become key differentiators for companies – Emma Lindley, chief commercial officer, TrustStamp
“With the increase of digital identity powering everyday transactions like mobile banking, telemedicine and remote working, stored identifying information is increasingly at risk of exposure. As organisations are placed under mounting public pressure to protect privacy and face the severe consequences of losing data to hacks and leaks, data protection will become an even greater priority across all sectors. Companies that may not have needed to handle very sensitive user data in the past must now implement robust security protocols alongside user-friendly digital identity systems. If they don’t, they may face financial loss, customer abandonment and reputational damage.”