Together with our partner TempoCap, Bryan, Garnier & Co hosted a cybersecurity conference on Monday, 15 May 2023. The conference featured a crowd of Chief Information Security Officers (CISOs) from leading companies, service providers & integrators, and cybersecurity scale-up CEOs.

The day was structured around a series of keynotes and three panel discussions. We started with an introduction from both TempoCap and Bryan, Garnier & Co on the cybersecurity market and its current M&A and financing dynamics, followed by a presentation from the first keynote speaker Luigi Rebuffi, Secretary General and Founder of the European Cyber Security Organisation (ECSO), on the evolution of the European ecosystem. Our second keynote speaker, Andreas Wuchner, an experienced and recognized Cyber & Risk expert, business owner, board advisor, and investor with over 25 years of experience, presented some merits and limitations of cyber insurance.

Three panel discussions took place representing the key components of the cybersecurity ecosystem by featuring CISOs’ insights, Service Providers’ perspectives, and Cybersecurity Scale-ups’ input. Scale-up founders then had the floor to present their innovative companies.

Throughout the event, a few topics were identified as trends shaping the future of cybersecurity. BG IRIS analysts provided an overview of the key identified themes.

Cyber-attacks evolution

The first observations made by the Cybersecurity Service Providers and Integrators Panel participants concerned the booming number, magnitude, and frequency of cyberattacks that have occurred since the onset of the Covid-19 pandemic. However, some players reported a temporary downtick in cybercrime activity attributed to a reorganization in hacker groups amid the Russia-Ukraine conflict.

Participants of the CISOs’ panel noted that the Ukraine-Russia conflict had raised awareness of cyber threats, as most companies and governments feared waves of cyberattacks, prompting them to get equipped against threats.
CISOs also highlighted a significant variation in the level of demand across sectors, where the most sensitive and critical industries such as healthcare and regulated industries continue to heavily invest in cybersecurity.

Bridging the gap between human resources and technology

As the frequency and complexity of cyberattacks continue to rise, it is crucial for defenders to respond promptly, necessitating adequate resources to keep up with the evolving threat landscape. The adoption of AI by both defenders and attackers has redefined the cybersecurity threat landscape. In the hands of malicious hackers, consumer-grade AI tools like ChatGPT increase the sophistication and success rate of phishing campaigns.

A significant risk factor lies in human vulnerability, as generative AI tools enable the creation of highly credible social engineering campaigns that mimic the writing styles, voices, or even videos of colleagues and stakeholders, deceiving users. In this context, cybersecurity training and awareness play a pivotal role in enforcing effective policies. The panel speakers emphasised that cybersecurity has become a top-of-mind concern for IT teams and CEOs alike. Vertical communication is critical, as CISOs have a duty to report the risks of cyberattacks to senior management and the board, ensuring the necessary investments are made to strengthen defences.

Addressing the human layer, the shortage of cybersecurity staff was identified as a significant challenge in the industry. The demand for skilled cybersecurity professionals far exceeds the number of qualified individuals available in the job market. To mitigate this shortage, automation and AI tools were mentioned as potential solutions to enhance work efficiency. For smaller companies struggling to recruit in-house cybersecurity experts, engaging Managed Security Services Providers (MSSPs) was mentioned as an alternative.

Panel speakers also emphasised the need for more inclusive hiring practices and improved work conditions in a predominantly male-dominated cybersecurity industry.

Andreas Wuchner, Operating Partner at TempoCap, expressed, “Cybersecurity companies cannot overlook 50% of the population (women).”

Other solutions include training motivated individuals from the outset, considering geographical flexibility, and highlighting the greater purpose that cybersecurity serves in the professional careers of the new generation, emphasising its contribution to the common good.

Securing the digital landscape

During the Cybersecurity Service Providers and Integrators Panel, it was noted that ubiquitous security platforms are on the rise. However, it may take a few more years before they become effective across all domains. In the meantime, there will continue to be a demand for best-of-breed solutions, which might eventually integrate with platforms or be replaced by emerging innovations.

Organisations now view the cyber landscape from new perspectives as they recognise the potential vulnerabilities present in the open-source packages they rely on when developing new software. To address this issue, shift-left or code protection solutions are emerging to bridge the gap. Defenders are now emphasising the importance of securing digital resources from their inception and avoiding hidden vulnerabilities, as highlighted in each panel discussion.

Observability services are also emerging both within the IT perimeter and beyond, including on the dark web, as emphasised by Camille Charaudeau’s presentation from CybelAngel. Furthermore, companies need to scrutinise their supply chains as part of their security processes. Even if a company itself is well protected, it could still be sharing data with clients or suppliers that have lower levels of protection.

Compliance and risk management

Moving beyond specific cyber technologies, all conference participants emphasised the need to redefine cyber risk management and cyber resilience in a broader and more flexible manner. This entails considering the protection of the entire organisation from any threat, rather than focusing solely on individual technologies. With regulatory bodies increasingly recognising the importance and consequences of cybersecurity, they have begun cracking down on insufficient security policies. Compliance with regulations has thus become a significant driving force in the industry.

Luigi Rebuffi, Secretary General and Founder of the European Cyber Security Organisation (ECSO), pointed out that Europe has no shortage of organisations involved in the cybersecurity space. However, what it lacks is cooperation between these entities and the actual cybersecurity players, along with shared knowledge. ECSO aims to bridge this gap by facilitating communication and collaboration among stakeholders.

In line with this trend, operational technology (OT) security was highlighted as an emerging topic by the Service Providers and Integrators panel participants. As more objects and production facilities become connected to the Internet, their vulnerabilities are exposed to potential attackers. Therefore, securing OT serves as the foundation for the upcoming European Cyber Resilience Act.

Cybersecurity insurance was another key topic raised by Andreas Wuchner and the CISO panel participants. It is increasingly relevant for companies as cyberattacks can lead to costs in the hundreds of millions, potentially bankrupting unprepared organisations. Cybersecurity insurance is still in its early stages, and the magnitude of the threats is just beginning to be understood. As actuaries gather relevant data, insurance premiums are likely to rise significantly.

Similar to any insurance activity, companies with lower levels of protection face higher premiums, prompting them to improve their defences against threats. The cost of cyberattacks is influenced by various factors that insurers need to analyse and categorise. These factors include the frequency of remote working, cloud migration, third-party involvement, and shortages in dedicated cybersecurity teams. Analysing these parameters can help organisations assess the potential costs they may incur in the event of a cyberattack.

Collective intelligence

Bringing together seasoned professionals, including Chief Information Security Officers, cybersecurity scale-up CEOs, service providers, integrators, and investors, the conference shed light on key themes and trends shaping the industry. It particularly highlighted the need for collaboration, awareness, and investment in human resources, technology, and compliance to ensure robust cybersecurity defences in the face of evolving challenges.

Scale-up companies

Code Intelligence’s Sergej Dechand delivered a presentation that echoed the discussion on “shift-left” protection and the integration of AI in cybersecurity. The company provides an automated software testing solution that enables developers to write more secure code, even when utilizing open-source libraries.

David Barroso from CounterCraft showcased his firm’s deception platform and threat intelligence tools, which enable an active defense posture.

Camille Charaudeau, the Chief Product Officer of CybelAngel, took the stage to present their protection platform’s capability to detect and resolve cybersecurity vulnerabilities beyond the organization’s perimeter.

Jonathan Gill, the CEO of Panaseer, presented their automated security posture management solution, aligning with the discussions surrounding the need for observability services in the cybersecurity space.

Niklas Hellmann, the CEO of SoSafe, addressed the topic of user awareness and training. He presented his firm’s training solutions and phishing simulations driven by behavioral science.

Christophe Corne, the CEO of Systancia, showcased his firm’s end-to-end Identity Access Management and secure application access solutions.

Antonio Barresi from Xorlab introduced their email security solution based on contextual data analysis, which helps organizations stay protected from modern threats.