By Mr. Filip Cotfas, Channel Manager, CoSoSys
Several in-depth market reports were released in 2022, predicting the state of the DLP market in 2023 and beyond. The news is that they all predict similar market dynamics for the upcoming years – steady growth. The reasons why steady DLP market growth is expected.
All reports point towards steady DLP market growth in the next few years, but they rarely explain the factors behind such reasoning other than showcasing the numbers. What we did to complement that is we’ve identified three key data security and data loss prevention market drivers that are clearly visible around the world and that may have an impact on the global data loss prevention market, DLP solution functionality developments, as well as on the organizations deciding that it may be a good time to invest in this class of cybersecurity tools and stakeholders interested in investing in DLP initiatives.
1. Remote/hybrid work – increased risks of accidental exposure
The sudden switch to the remote/hybrid work model was initially regarded by businesses as a temporary measure to mitigate the COVID-19 impact. Who could have known that so many of us would find that model much more appealing than working on-premises and it would be here to stay?
During the time of the pandemic, when businesses had to very quickly switch to the remote model, there were a lot of urgent needs that had much higher priority than additional data protection measures, for example, secure communication with internal company assets. Now that the situation has stabilized and solutions have been introduced for the most pressing issues, it’s time to expand the security infrastructure around the new work model.
Unfortunately, a remote/hybrid work model brings a lot of new threats to company data. Many businesses attempt to resolve this by introducing harsh restrictions for company-owned devices, but this doesn’t eliminate such threats:
If the user has no restrictions on their business device and is able to mix work with personal activities such as social media or private email, there is a high risk that they will share some sensitive company information by mistake using these platforms.
On the other hand, if you prevent the user from using private software and/or social media on your company devices, they will be more likely to move data between their private and work computers using, for example, USB drives or transferring information using private and company email addresses or private cloud storage.
No matter how you solve this, you have to accept that your employees are now out of your direct control and often mix work with their private lives. Therefore, the risk of accidental exposure to sensitive data is much higher than before. This urgently calls for data loss prevention.
Takeaway: Due to the increased risk of accidental exposure of sensitive data in a remote/hybrid work model, the need for DLP solutions increases, and such solutions must focus on end-user activities. Therefore, we expect DLP solution growth trends to focus on end-user devices.
2. Recession – more incentives for data breaches
The pandemic-related lockdowns were already financially difficult for many businesses. However, nobody expected that right after COVID-19 phases out, we would face even more financial crises and stalled market growth. Calling the recent developments in the world’s political situation volatile is an understatement. The ongoing political situation affects key markets, causing prices to rise globally, especially in Europe. We’re seeing the beginning of a major recession period, and it’s difficult to estimate its ultimate effects on businesses. One thing is for sure, though – people are suffering.
Faced with food prices and energy costs going sky-high, people need more money to survive. At the same time, businesses cannot afford to match the rise in prices as they are affected by diminishing growth rates and increasing costs as well. As a result, we can already see mass layoffs in large enterprises and SMBs. This means there’s already quite a lot, and there are going to be even more people out there who will consider questionable financial incentives. This also means that there will be more businesses that would be willing to go beyond what’s legal and ethical to gain an advantage in the competitive landscape.
A well-implemented DLP solution may provide early warning against internal and external threats leading to the loss of data. In 2023, businesses may need to shift their focus even more from accidental data loss to intentional inside threat actors and attacks such as spear phishing. And this means that DLP solutions will need to serve as an early warning system for any type of suspicious activity by the remote/hybrid employees as well as a lifebuoy for targets of well-prepared attacks.
Takeaway: Due to the recession and increase in data breaches, internal threats will become an even bigger concern, and DLP software will need to serve as an early-warning system for organizations to prevent intentional data breaches. It will also be instrumental in preventing the consequences of well-prepared spear phishing attacks coming from criminal organizations.
3. Compliance – growing requirements in response to increasing threats
Industries where data is of utmost importance, such as the healthcare and financial sectors or military/aerospace, are already facing a lot of compliance requirements that translate to the need for solutions such as DLP. However, with the continuous expansion of threats and risks, compliance practices are expected to ensure the safety of sensitive data further. This means we can expect more compliance standards to emerge, including in industries unaffected by such requirements. On the other hand, we can also expect current compliance standards to become stricter with time to ensure even better data protection.
Many businesses already face the legal necessity to purchase a data loss prevention solution to maintain such compliance. Introducing such solutions at the last moment, just to meet the requirements, is not the best idea, and so many businesses will hopefully decide to strike pre-emptively and implement DLP before it becomes required.
Takeaway: What may now be open to interpretation in compliance standards related to cybersecurity may soon be stated clearly, rushing organizations into adopting specific solutions such as DLP. On the other hand, DLP providers should be ready to adjust to cover any new standards emerging, even for currently non-regulated industries.