The metaverse will be here sooner than you think. A quarter of people will spend at least an hour a day in the metaverse by the year 26.

This is great news for businesses, as it will allow them to create new business models and ways of working that will add value in ways we can only guess at now. The metaverse will transform how businesses interact with customers, how work is done, what products and services companies offer, how they make and distribute them and how they operate their organizations.

From an enterprise security perspective, the metaverse presents a number of challenges. Businesses struggle with securing their data and infrastructure. This will become more difficult in the multidimensional world of the metaverse.

The metaverse is moving. We were at a similar stage in the development of the internet in the early 1990s. Today we have a better idea of the kind of threats that can emerge in powerful digital ecosystems, which means we can be better prepared for what comes next.

The key is to discuss the challenges of the metaverse and mitigate them before they become a problem.

What are the risks of the metaverse? The metaverse will see similar challenges to the current security issues facing digital organizations, just adapted to the different forms of engagement, interaction and access that come with immersive, virtual environments.

Social media platforms are awash with aggression, bullying, harassment and exploitation. There’s no reason to think that these blights will not affect the metaverse.

There are four key questions that all CISOs and technology teams should be asking about the metaverse.

Can we protect PII (and other sensitive data) in the metaverse?

The California Consumer Privacy Act (CCPA) in the U.S., the General Data Protection Regulation (GDPR) in Europe and China are just some of the regulations that require businesses to secure personally identifiable information.

The metaverse doesn't change the obligations of enterprises to secure PII. What it does is scale the amount of sensitive data that organizations will collect, store and manage to deliver metaverse experiences.

Much of the data will come from technologies that blur the digital and physical worlds that define the metaverse, such as virtual reality headsets and smart speakers. Data governance, endpoint security, network security and a lot of other things will be more important as the number of people with PII increases.

The performance of the underlying network must not be slowed down by such capabilities. A jittery metaverse would quickly lose users.

How can I authenticate users?

One of the challenges facing current enterprise technologies is how to verify people's identities when they access sensitive digital services.