Technology continues to advance at unstoppable rates. With the rise of remote working and the increased digitalisation of businesses, the threat of cyber-attacks has become more pressing. What can we expect for the rest of the year, and what are the biggest issues facing us at present in the realm of cyber security? Whether you’re a cyber security professional or not, it’s important to understand what to expect, and how your organisation is at risk. Here are 5 trends in cyber security for 2022:

1. Increased exposure
Businesses have become more exposed to cyber-attacks. Advancements in technology have paved the way for an exciting new world of work, but organisations now have a multitude of different areas for attacks to take place. With cloud applications, social media and digital supply chains, to name a few, there’s a wider surface area for threat actors to take advantage of security vulnerabilities. The number of devices on the Internet of Things is predicted to surpass 25.4 billion in 2030, which is exciting for organisations and the level of connectivity they can achieve. However, that’s 25.4 billion possible access points for cyber criminals.
Remote working has caused huge potential for attacks in recent times. Businesses went into survival mode during the pandemic, understandably, trying to get their employees access to systems remotely. In the midst of this, cyber security took a back seat, with security measures falling short of the stringency needed to protect organisations. This now seems to be coming back into focus, and with a more remote working model the new norm, implementing tougher security measures is essential for businesses that don’t want to fall foul of a cyber-attack.
There’s no likelihood that we’ll be going backwards in digitalisation any time soon, so organisations need to be aware of their vulnerabilities and work towards preventative measures. Being able to identify areas of vulnerability, and a threat before it’s actioned, is the safest, and most cost-efficient way to reduce the potential fall out of a cyber-attack.
2. The rise of AI and machine learning
Artificial intelligence (AI) and machine learning are certainly up there with the most innovative and important digital advancements. Their use can make a huge difference to organisations, allowing for more time and cost efficiency in business processes. It’s no surprise that there is a rising trend in the use of AI and machine learning in the world of cyber security.
The use of AI and machine learning in cyber security products allows for the learning of patterned behaviours by cyber criminals, identifying risks and blocking a threat before it turns into an event. Businesses are investing in this technology as a preventative, and incredibly useful, feature in their security measures.
On the flip-side, AI isn’t exclusively available to businesses, with threat actors also taking advantage of its many uses. Organisations need to take measures to be one step ahead of their attackers.

3. Phishing and Ransomware
Who hasn’t received a phishing email into their work inbox? We’ve all read the one from the ‘boss’ asking you to give them your mobile number so they can ‘talk to you about something urgent’ or buy them £500 of vouchers because they’re ‘stuck in a meeting’. Whether it’s your ‘boss’, a fake invoice or a wealthy prince, if you have an email address, you’re not safe from the scammers.
Phishing emails normally lead to ransomware attacks, where the organisation must pay a ransom to avoid damage to their systems, files and potentially catastrophic consequences. Ransomware attacks are on the rise, and 61% of technology executives expect to see an increase in ransomware attacks in 2022.
Phishing emails are becoming more advanced, with increased levels of personalisation and geo-targeting, so they’re more of a risk to organisations now than ever. Moreover, 97% of people globally cannot recognise one when they see it. This brings us onto our next trend for 2022…
4. Education and Awareness
Traditional cyber security training doesn’t cut the mustard in 2022. In a recent ISACA survey, 43% of respondents indicated that their organisation experienced more cyber-attacks in the last year. However, only half of respondents believed that it is likely or very likely that they’ll suffer an attack in the next 12 months. Is this well-placed optimism, based on the recognition of the importance of cyber security, and new measures being put in place in their company? Or is this a ‘it happens, but it won’t happen to us’ mentality kicking in?
Awareness and recognition of the severity of cyber-attacks and the chaos they can cause appears to still be lacking, so education and training are of the utmost importance in current times. Businesses appear to be recognising this. Gartner reports that more progressive organisations employ a holistic method of cyber security training. This focuses more on behavioural and cultural aspects, teaching new ways of thinking and conditioning new behaviour that nurtures secure ways of working.
If organisations want to bring their employees up to date with measures to protect themselves from cyber-attacks, then investments need to be made in education. After all, human error remains a factor in most data breaches.
5. Rewiring the system
Changes need to be, and in some cases are being, made to the more integral operations of organisations. If advancements are to be made in cyber security for businesses, then budgeting needs to be examined. Security Magazine suggest that budgets will be more considerate of this in 2022, by investing in finding vulnerabilities in security measures before threat actors do, rather than owning advanced technological products. Investment in cyber security is rising in general, so companies can avoid the backlash of an attack and the damage it does to their reputation.
Another integral change could be around decision-making. Gartner suggests that cyber security functions will be, and are being, decentralised. Due to the changing digital landscape, cyber security needs to match this in agility. Enabling business leaders, not just the CISO, to make informed decisions is key, so education and cross-training for the C-suite and board could be a huge investment.
Budgeting and decision-making are two key factors in the successful implementation of cyber security measures within an organisation. There are higher budgets for cyber security in organisations that allow for closeness in reporting proximity between cyber security managers and the C-Suite.

It’ll certainly be interesting to see how things pan out over the next year. The way an organisation reacts to the imminent threat of a cyber-attack will be crucial to their safety as a business. With organisational and budgetary changes, investments in preventative measures and AI, and holistic education, a company stands a much better chance of weathering the cyber security storm.
Focus on Security are dedicated to the recruitment of cyber security professionals, so whether you are part of the workforce, or need security talent to join your own, get in touch today to see how we can help.
Want updates on new vacancies and resources, like this article? Follow our LinkedIn page here.