The coming year, 2022, will be defined by the lessons cybercriminals and cybersecurity teams learned in 2021. From the SolarWinds attack to the Colonial Pipeline ransomware debacle, 2021 was plagued by advanced persistent threats (APTs) that reached new heights. In 2022, the rate at which such APTs are waged will only accelerate. They will be aimed not only at financial services but also at the supply chain and critical infrastructure. The positive for cybersecurity is that cyberthreats are finally getting the attention and the budget required to interdict them. In fact, Javelin anticipates that 2022 will be a year of rapid change in cybersecurity. The relative weakness of the U.S. cybersecurity infrastructure was laid bare in 2021, and financial institutions, cybercriminals, and consumers all took notice.

At larger institutions in particular, Javelin has heard from cyber teams that say they have benefitted from an outpouring of attention and support from upper management. These teams now have a unique window to leverage that support and lay the groundwork for a more resilient infrastructure. For smaller institutions, the renewed focus on cybersecurity and protection of critical infrastructure will support bigger investments in relationships with trusted managed security service providers (MSSPs), but those relationships have to be handled wisely. Too much reliance on MSSPs for cybersecurity can expose institutions to greater cyber-risk—a double-edged sword that will require more strategic planning on the part of the cybersecurity community and regional institutions in the year to come.