How do you foresee the data security and privacy landscape changing over the course of 2023?

2.3k views5 Comments

Director, Security Operations in Telecommunication, 501 - 1,000 employees
IMO, there will be continued focus and expansion.  We'll see more/broader laws and regulations being enacted both at a state level (US) and country level (international).  Some analyst believe that exiting 2023, 75% of the world's population will be under a related privacy law or regulation. Challenges will continue to grow, being compounded by the continued expansion into "cloud computing", diminishing visibility to data owners.  Along with the continued movement into the cloud, (assuming that the global economy continues to contract) there'll be an increase/uptick in malicious activity - in my experience, this happens whenever there's an economic down-turn.  Enterprises will need to continue to enhance posture through further encryption and more/better authentication and double down on internal cyber security awareness training and simulation.
VP, Information Security in Healthcare and Biotech, 1,001 - 5,000 employees
I think things are going to get considerably more complex, particularly for organizations that serve customers in multiple states or countries.  With more data protection laws being put into place (often with conflicting requirements) the compliance landscape for data security and privacy becomes much more difficult to navigate.   Further, as technology becomes more advanced and embedded in all areas of our lives, our reliance upon it and the limits of what information we are willing to share grows exponentially.  This also increases the burdens upon companies to store and protect more data, and quickly leverage new systems and methodologies to assist with that effort. This "forced rapid adoption" often yields blindspots for organizations.
Director of Information Security in Manufacturing, 1,001 - 5,000 employees
I agree with comments about the increasing complexity, and the scrutiny completely.  Having said that, the paradigm will need to shift, and is already shifting, to reflect that the data on an individual truly belongs to that person, and should not be collected but rather accessed based on a current need. Simply put, there is no need to store any personal data, if we can get to a landscape where that information is available for a specific transaction, and during a specific period of time.  
We already do this with e.g. passwords, adding more personal data to the mix should be relatively straightforward and may even be a brilliant new business opportunity ;-)  
Director of Information Security in Manufacturing, 1,001 - 5,000 employees
I agree with the remarks on complexity and further regulation for sure.  GDPR / California, etc is coming for all of us!
Having said that, I also believe that we need to shift the paradigm, and that this shift will start in 2023.
Data does not belong to any company, it belongs to the individual.   Simply put, there is no need to store e.g. an address, or even medical data if that data is available when you need it via a broker.
IMHO this is not far-fetched. We already use our social identities (Google, Facebook, ...) to logon, it is a relatively small step to use a broker to store personal data, and expose it for a very specific transaction and duration to the process that needs it.
(sorry if overlapping posts, had some trouble signing in)
Director of Tech and Cyber Strategy in Finance (non-banking), 1,001 - 5,000 employees
I think there will be a continued emphasis on data residency and ring-fencing data within regions in the same way that supply chains are becoming more localized. In addition, I think there will be more emphasis on data security and privacy as WFH/hybrid has become the norm, increasing the need to safeguard against social engineering attacks that can increasingly take place outside of the traditional corporate environment.

Content you might like

A primary concern for all D&A initiatives12%

Something to mitigate, but not our primary concern73%

Not concerned. That is someone else's domain14%

Frustrated by the limitations it creates1%

I don’t know1%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
43.5k views132 Upvotes319 Comments





What security budget?2%


2.3k views4 Upvotes