Skip to main content

New Analysis IDs Top Cybersecurity Risks

Washington, DC – Today, the Bipartisan Policy Center and its Cyber Working Group are releasing their analysis of the Top Risks in Cybersecurity 2023, providing clarity to policymakers and executives about what the most consequential and likely risks are in 2023. Specifically, the report addresses state-sponsored  cyberattacks on critical infrastructure, one-size-fits-all regulations, distance between security professionals and the C-suite, and dozens more.  

The Cyber Working Group identified eight risks, representing a consolidation of the most likely and impactful, including concrete examples, hazards, and possible scenarios of note, for each.  

  • Evolving Geopolitical Environment 
  • Accelerating Cyber Arms Race 
  • Global Economic Headwinds 
  • Overlapping, Conflicting, and Subjective Regulations 
  • Lagging Corporate Governance 
  • Lack of Investment, Preparedness, and Resilience 
  • Vulnerable Infrastructure 
  • Talent Scarcity 

The report says: “Identifying cybersecurity risks is the first step in managing them. This report—unlike other, more technical sources that identify cyber risks—frames them for the strategic audience of business and government decision-makers. We intentionally focused on identifying risks, not solutions, because various stakeholders may need to take different approaches. There are no one-size-fits-all fixes. Rather, these top risks must be considered individually by companies and collectively by the nation. Many will require a multifaceted response, across business and government, who will need to work various levers including policy, organizational culture, technology, and processes.” 

“Today’s cybersecurity landscape is constantly evolving, to protect ourselves from risk we must first understand the scope of the problem” said Tom Romanoff, director of the Technology Project for the Bipartisan Policy Center. “Our hope is that this list informs and prepares U.S. government agencies, Congress, and businesses for the year ahead, and that at least some, if not all, are addressed without incident.” 

Members of BPC’s Cyber Working Group include:  

  • Jamil Farshchi, Executive Vice President and Chief Information Security Officer of Equifax (co-chair) 
  • Tom Romanoff, Director of BPC’s Technology Project (co-chair) 
  • Christopher Painter, Former Cybersecurity Leader at the U.S. Department of State, Department of Justice, and the White House 
  • Craig Froelich, Chief Information Security Officer of Bank of America 
  • Hon. Jim Langevin, Member of the U.S. House of Representatives and Chair of the
    Subcommittee on Cyber, Innovative Technologies, and Information Systems 
  • Hon. Mark Brnovich, Attorney General of the State of Arizona 
  • Hon. Sean Reyes, Attorney General of the State of Utah 
  • Jeremy Grant, Coordinator of the Better Identity Coalition and former Senior Executive Advisor for NIST 
  • Jerry Davis, Vice President and Senior Security Advisor for PG&E 
  • Jules Polonetsky, CEO of the Future of Privacy Forum 
  • Noopur Davis, Executive Vice President and Chief Information Security and Product Privacy Officer of Comcast 
  • Phil Venables, Chief Information Security Officer of Google Cloud 
  • RADM (Ret.) Mark Montgomery, Executive Director of Cyberspace Solarium Commission 2.0 

The report also identifies strategic level risks and operational threats, that while not of immediate concern in 2023, they are further insights into the cyber risk and threat landscape and represent opinions from the diverse backgrounds from the Cyber Working Group. 

Methodology: The identified risks are a result of two brainstorming sessions of the Cyber Working Group in 2022. Considering the wealth of experience, knowledge, and diversity of the working group, they identified 60 risks that were consolidated into the eight documented in the report. A complete review of the initial brainstorming session is available under “Other Notable Risks,” organized into strategic-level risks and operational-level threats.  

Note: BPC thanks Equifax for its generous support and partnership for this project. The authors are grateful to all the participants from industry, government, and civil society who partook in the working group and offered their feedback as part of the report writing process. 

Read Next

Ep. 9: AI and Cybersecurity

Ep. 8: Navigating Tech Policy, Free Speech, and China in the Age of TikTok and Social Media

Poll Shows Small Businesses Are Interested in and Benefit from AI