A new year always means one thing in any field with an ample number of armchair pundits: another round of annual predictions.

The big problem with annual prediction lists is that they are written so generically and broadly they are hardly ever wrong. They don’t offer any way to measure or define a successful prediction. To add to that, most list writers never bother to go back and grade themselves on the quality of their predictions.

I’ve decided to do another round of my own predictions on the cyber, security, and data protection landscape, with my trademark twist, of course. I offered up 2020 predictions, but I skipped 2021. Global pandemics and all, but I’m back. I got 8 of my 15 predictions right in 2020.

My unique twist on annual predictions

Here’s what I do differently.

• I’m going to make a prediction along with my confidence in the prediction

• I’ll provide a measure of success; a quantitative and objective way to measure if the prediction came true.

• I put my skin in the game! At the end of 2022, I will tally up my score. For every 10th of a decimal point my expected correct is away from my actual correct, I’ll donate $10 to the Electronic Frontier Foundation. For example, if I get 13/15 right, and I expect to get 14.5 right, that’s a $150 donation. (scroll down to the end of this blog post to see more on the methodology)

Do you know of any other annual prediction list that puts money where their big mouth is?

2022 Predictions

This year, I will make 18 predictions; 10 information security/cyber, five general, and three exotic, outlier events to make it interesting.

Cyber Predictions

#1: Cybersecurity investments made by US mega-corporations will pay off big in 2022.
Measurement: None of the companies in the Fortune Top 10 list will experience a reported data breach by December 31, 2022. Data breaches are in the public record, so this will be easy to cross-reference.
Confidence: 80%
Why? I’m not going out on a limb here. Many folks make a lot of money selling the idea that catastrophic data breaches happen all time. However, taking an unemotional and empirical look at the data, we see it’s not the case. Look at how many companies there are in the US and compare that with the number of data breaches per year. It’s a rare event. Of course, it could (and has) happened in the Fortune Top 10, but I’m betting it won’t happen this year.

#2: 2022 will be the “Year of the Data Breach.”
Measurement: A news article, blog post, or security vendor will declare 2022 the “Year of the Data Breach.” 
Confidence: 90%
Why? Always. Always, always, always with the hyperbole. Every year is the Year of the Data Breach.

#3: Consumer data protection and data privacy will (again) not be a priority to federal lawmakers.
Measurement: Congress will not pass a federal data breach law by the end of 2022.
Confidence: 90%
Why? We need it – the patchwork of data breach laws across states creates a burden for businesses and harms the consumer. I don’t see a federal data breach law in 2022, however, with bigger fish to fry (midterm elections, COVID, Russia/Ukraine, the Build Back Better bill, etc.)

#4: Most computer-based cryptography will not be broken by technological advances, like quantum computing, in 2022.
Measurement: Oof, we’ll know the minute this happens. 
Confidence: 80%
Why? It’s coming, but probably not in 2022. It could, though.

#5: Ransomware will get worse in 2022, with real-life, catastrophic consequences. 
Measurement: Someone will die as a direct result of a ransomware attack in 2022. It will be significant news across the media and easily verifiable.
Confidence: 70%
Why? 2021 saw what is believed to be the first death resulting from ransomware. Unfortunately, I think there’s more to come. 

#6: Companies will experience an increase in security incidents due to the shift from office-based work to remote-based work.
Measurement: We will look at the percentage of total incidents caused by the Internal Actor category in the forthcoming 2022 Verizon Data breach Investigations Report (DBIR). For this prediction to be right, incidents caused by Internal Actor must be a higher number than the number published in the 2021 report.
Confidence: 70%
Why? Home offices just aren’t as secure as regular offices. For starters, consumer-grade networking equipment isn’t as robust and there are many more opportunities to lose or leak data.

#7: Data breaches will get worse in 2022 for the average US-based company.
Measurement: The number of companies reporting a data breach in 2022, as reported by the Identity Theft Resource Center will exceed the number in 2021.
Confidence: 70%
Why? Most years, it could go either way, but I think we’ll see an uptick due to remote work.

#8: Congressional action on ransomware will be stalled in 2022.
Measurement: We will not see any movement on legislation to curb ransomware in 2022, such as the Ransom Disclosure Act.
Confidence: 70%
Why? We need something, but I don’t see it happening in 2022 with midterms coming up.

#9: The Jabberzeus Subjects – the group behind the Zeus malware massive cyber fraud scheme – will remain at large and on the FBI’s Cyber Most Wanted list by the close of 2022.
Measurement: If they’re caught, the FBI will announce it via a press release.
Confidence: 90%
Why? We’ll never catch these guys.

#10: New Federal laws or regulations will mandate cyber risk quantification in one more business sectors.
Measurement: We’ll see this via a press release or updated public frameworks.
Confidence: 60%
Why? This will happen eventually – it’s inevitable and bolstered by ransomware, critical infrastructure attacks, and significant vulnerabilities. It may happen in highly regulated sectors first, like financial services, healthcare, or critical infrastructure.

General Predictions

#11: It’s not going away. COVID will still be a global pandemic by December 31, 2022. 
Measurement: The closest we can get to a definitive line in the sand that the pandemic is “over” is for the WHO to issue a press release saying it’s over, similar to what they did with Ebola in 2020.
Confidence: 75%
Why? I don’t think we’re done, unfortunately. We could be by now, but there are various factors why we’re not: virus mutations, science denialism, vaccine hesitancy, significant global inequality in vaccine availability, much more.

#12: Donald Trump will not face any charges stemming from the January 6, 2021 insurrection.
Measurement: Indictments are public record, so this is easy to verify.
Confidence: 90%
Why? The Machine. It’s the machine that Rage Against the Machine rages against.

#13: Russia will invade Ukraine.
Measurement: For this prediction to be correct, we need to see multiple major media sources reporting Russian soldiers are on Ukrainian soil.
Confidence: 90%
Why? From a December 2021 perspective, this feels inevitable.

#14: Donald Trump will not announce his candidacy for President in 2022.
Measurement: We’ll see an announcement on his website or a press release.
Confidence: 60%
Why? Just a hunch. I think he enjoys golfing in Florida too much to run again.

#15: The US will experience a recession in 2022.
Measurement: Based on data provided by the National Bureau of Economic Research (NBER).
Confidence: 60%
Why? It’s inevitable. We’re experiencing multiple bubbles, including the cryptocurrency tulip mania bubble. I’m betting it’s 2022 instead of 2023.

Exotics

Just for fun, I’m going to go out on a limb and put money on three oddball, exotic risks that I think could happen in 2022.

#16: Extraterrestrial life is discovered.
Measurement: This will be huge news, so it’s easily verifiable via media sources.
Confidence: 55%
Why? I believe this will happen at some point; the question is when. However, it will be boring, like microbe fossils on Mars instead of something like Independence Day.

#17: Cryptocurrency crashes in 2022
Measurement: Bitcoin loses equal to, or more than 70% of its January 1, 2022, 12:00 AM GMT value sometime in 2022.
Confidence: 55%
Why? I genuinely do feel like it’s going to happen. It could be from sudden government regulation, some kind of intentional devaluing, panic selling, cyber prediction #4 (cryptographic protocols are broken), coordinated cyberattack/theft, Satoshi’s identity being revealed, or something else.

#18: A cryptid, like Bigfoot or the Loch Ness Monster, will be discovered and proven to exist.
Measurement: A reputable science journal publishes a peer-reviewed paper, a creature is captured or documented to exist in a scientific and irrefutable way.
Confidence: 55%
Why? This one’s just for fun. 

Methodology

There are three parts to the prediction:

1. The Prediction: A statement about the future. I’m very careful to make direct, clear, and observable predictions. There should be no disagreement or alternative interpretations at the end of the year if the prediction came true or not. For example, “The Giants will win the 2022 World Series” is a good prediction. “The Giants will do well in 2022” is not a good prediction.

2. Measurement: An empirical way to test if the prediction came true at the end of the year.

3. My confidence in my prediction. This ranges from 50% (I’m shaky; I might as well trust a coin flip) to 100% (a sure thing). The sum of all percentages is the number I expect to get right. People familiar with calibrated probability assessments will recognize this methodology.

The difference between the actual number correct and the expected number correct is an indicator of my overconfidence or underconfidence in my predictions. For every 10th of a decimal point my expected correct is away from my actual correct, I’ll donate $10 to the Electronic Frontier Foundation. For example, if I get 13/15 right, and I expected to get 14.5 right, that’s a $150 donation.

---

*** This is a Security Bloggers Network syndicated blog from Blog - Tony Martin-Vegue authored by Tony MartinVegue. Read the original post at: https://www.tonym-v.com/blog/2021/12/30/my-2021-cyber-predictions-with-skin-in-the-game