NCC Group’s global look ahead to 2022 with Inge Bryan

We’ve interviewed industry leaders from our four key geographies – the UK, the Asia and-Pacific (APAC) region, North America and Europe – to understand the key developments in each region over the last twelve months, and what we might expect from the year ahead and beyond.

Europe with Inge Bryan, Managing Director of NCC Group Europe/Fox IT

We sat down with Inge Bryan – who brings a wealth of cyber and security experience and insight having held senior roles within and as an advisor to government – to understand the key things we need to know about 2021 and her predictions for the year ahead and beyond.

What are the three key developments you saw in Europe in 2021?

The introduction of NIS2 marked a step change in the European Commission’s approach to regulating the cyber security of critical infrastructure. The proposal, which revises the EU’s current NIS Directive, takes a far more prescriptive approach in terms of defining what constitutes critical infrastructure and what steps operators need to take to comply. Its relatively quick passage through the European Parliament is indicative of the broad acceptance that Europe’s critical sectors are not where they need to be and regulatory intervention is required.

Digital sovereignty also continues to be a huge focus area for European policymakers. For businesses, this has resulted in an increasing pressure to demonstrate that their data – and, in some cases, their broader IT infrastructure – remains within the European Union.

In the cyber security industry, I continue to see demand for skilled professionals outstripping supply, by quite some margin. Industry and governments are responding by investing in skills, particularly through the education system, but so much more could be done to upskill the current IT workforce. We should also be looking at the role of diversity. In the 20 years I’ve worked in this industry, I am pleased to say that it has never been more diverse. But more can and should be done, and I’m so pleased NCC Group is leading the charge on this front.

What are the three key developments we can expect to see in Europe in 2022?

As more nations realise that ransomware is a threat to national security, I’m hopeful that we’ll see a proactive, joined-up response from governments. European intelligence services need to come together with their allies to develop genuinely coordinated, proportionate defensive and offensive cyber operations. Failure to do so will leave Europe massively exposed.

Collaboration with the private sector, through better information sharing and coordinated responses, will also be key. I expect the pressure on governments to protect their nations, combined with limited public resources as a result of the pandemic response, will cement the public-private partnership approach to combatting cyber risks that’s evolved across Europe.

In our sector, we’ll see an acceleration of new start-ups forming, alongside further market consolidation, in response to the rapidly increasing demand for cyber security professionals and services.

Wildcard prediction for 2022 and beyond

Weakened encryption will bolster mass surveillance. Governments, including here in The Netherlands, are exploring ways to weaken encryption to enable law enforcement to more easily access the information they need to do their jobs. One potential option is to force communication service providers to include a back door in their encryption for investigation and security services. Whilst this would make European crime fighters’ jobs easier, such back doors in global communication services are inevitably available to every state and entity that want to make use of it. That goes far beyond the framework of our democracy. I therefore hope that European governments’ work in this area will focus on the possibilities of circumventing encryption and not weakening it. We hope for a long time to come, with all colleagues in the security sector, private and governmental, to work towards a safe and more secure society for everyone. Strong encryption, so without a back door, is indispensable for this.