Three Biggest Issues Driving Cybersecurity

Cyberattacks have become one of the top concerns for technology executives and business owners. Cybercrime will cost companies $10.5 billion annually by 2025. The estimated cost of cybercrime in 2021 was $6.1 trillion, which is expected to grow 15% each year.

Businesses are increasing their cybersecurity budgets to protect their assets. The number of online job postings for cybersecurity positions surpassed 755,000 in the 12-month period ending in December 2022. According to Gartner, cybersecurity spending will rise to $267.3 billion by 2026. CompTIA’s 2022 State of Cybersecurity report reveals that while most respondents believed that their company’s cybersecurity level was “satisfactory,” very few believed that it was “highly satisfactory.” Nearly all respondents felt that there was room for improvement.

The report suggests that the top three issues concerning cybersecurity are: A growing number of cybercriminals, privacy concerns, building trust, and lastly, a variety of attacks from different sources. In this article, we will discuss these top three cybersecurity concerns.

1. Growing Number of Cybercriminals

The average number of cyberattacks and data breaches increased by 15.1% between 2020 and 2021. While cybersecurity budgets and efforts are growing horizontally, cyberattacks and threats are growing exponentially.

Research reveals that external attackers can cause perimeter breaches and gain access to the network’s resources in 93% of the cases. After that, it takes only two days to breach the internal network of that organization. With the increasing number and sophistication of cyberattacks, organizations feel that they are not equipped well enough to protect themselves. Besides that, the prosecution and detection of cybercriminals in the U.S. are as low as 0.05%.

2. Privacy Concerns and Building Trust

Data privacy refers to the ethical and safe handling, storing and sharing of user data. Cyberattacks are global in nature and do not comply with particular jurisdictional regulations. However, organizations must comply with complex systems of rules and regulations like the General Data Protection Regulation (GDPR) and many others.

While data privacy and protection regulations are necessary, organizations often have to navigate through complex and sometimes even contradictory regulations. Such complexity of regulation sometimes creates challenges for organizational cybersecurity efforts instead of complementing them. This puts organizations under high pressure to constantly maintain security and privacy standards to build their customer trust.

3. Variety of Attacks

Cyberattacks have grown in variety and sophistication. There are a variety of cyberattacks that threaten enterprises. These include ransomware, IoT security challenges, blockchain and cryptocurrency attacks, phishing, supply chain attacks, cloud-based attacks, software vulnerabilities, insider attacks and more. As these attacks grow in complexity, so does the need for the organization to innovate constantly to mitigate these attacks.

Here are a few of the most common types of attacks:

1. Malware: Malware is malicious software that can infect computer systems and cause harm, such as by stealing confidential information or disrupting operations. Types of malware include viruses, Trojans and ransomware.
2. Phishing: Phishing is an attack that uses fake emails, websites, or text messages to trick people into revealing confidential information, such as login credentials or credit card numbers.
3. Denial-of-service (DoS) and Distributed Denial-of-service (DDoS) Attacks: DoS and DDoS attacks attempt to disrupt access to a website or online service by overwhelming the target with traffic.
4. SQL Injection: SQL injection is a type of attack that takes advantage of vulnerabilities in database software to gain unauthorized access to confidential information.
5. Man-in-the-Middle (MitM) Attacks: MitM attacks happen when a perpetrator eavesdrops on and modifies communications between two parties without either party being aware of it.
6. Cross-Site Scripting (XSS): XSS attacks take advantage of vulnerabilities in web applications to inject malicious code into a website, which can be executed by unsuspecting visitors.
7. Password Attacks: Password attacks include techniques such as brute force attacks, dictionary attacks and others, which attempt to crack passwords in order to gain access to confidential information.


The above discussion shows that cybersecurity has become one of the top concerns for organizations. The rise of cybercriminals, the increasing complexity and variety of cyberattacks and issues around trust and privacy are urgent ones that modern enterprises need to attend to. It is clear that the cybersecurity industry will grow in the next couple of years with high organizational cybersecurity spending and a rise in the number of cybersecurity jobs.

Avatar photo

Gordon Pelosse

Gordon Pelosse is the Senior Vice President, Employer Engagement at CompTIA, a non-profit that has established itself as the voice of the IT industry. With over 40 years of experience, he helps employers find talent in a competitive labor market and trains unemployed and underemployed people for the IT sector.

gordon-pelosse has 1 posts and counting.See all posts by gordon-pelosse