84% of organisations expect to increase their cyber security budget, and 75% plan to use generative AI for cyber defence over the next 12 months. These were two of the key findings from this year’s global Digital Trust Insights study. Here are my top six picks for organisations to prioritise in 2024:
1. Establishing AI foundations and guardrails
With the EU AI Act on the way and organisations racing to harness the benefits of AI, a lot of attention still needs to be devoted to establishing guardrails and solid foundations for AI. I expect to see much of this load landing on CISO’s desks even if this is clearly a broader business responsibility. This includes data foundations for AI, role based access controls and measures to ensure responsible and trusted use of AI. CISO’s also need to consider the new threats and opportunities presented by AI in protecting the organisation. Businesses are already having to play catch-up: For 42% of respondents to our Digital Trust Insights study, the risks associated with generative AI are not yet considered in risk management. This will have to change in 2024.
2. Quantum computing readiness moves up the agenda
Experts have been warning about the risks to encryption by quantum computers for many years. Now, the Gen AI revolution is giving new fuel to the development of quantum computing – partly because AI is ultimately constrained by our ability to continue to squeeze more processing power from silicon-based hardware. The two technologies are a game changing match made in heaven.
“I believe that CISO’s should be following developments closely and reprioritising quantum readiness programs as well as acquiring skills and knowledge. Our Digital Trust Insights study shows that 45% of respondents have not yet integrated this risk into their risk management.”
3. Getting ahead of the EU regulatory wave
A whole series of new laws are coming to companies operating in the European Union – most importantly, DORA, NIS-2, the Cyber Resilience Act and the AI Act. Global businesses also face overlapping regulations from other jurisdictions, including the US and China. One outcome of the regulatory wave is what we have been calling the “New Era of Cyber Transparency” – where reporting and disclosure of cyber incidents and practices is moving from being voluntary to mandatory. This means CISOs must be able to translate operational cyber reporting into reports that executives can work with to be comfortable with disclosures and to allocate capital to the right cyber initiatives. 73% of companies surveyed in our Digital Trust Insights study said there are significant additional costs associated with getting compliant with harmonised cyber and data protection laws. Getting ahead of this in a systematic way should be a priority for CISO’s in 2024.
4. Reskilling cybersecurity professionals for the future
I often feel that the cyber security profession has been flat footed in keeping up with the tremendous changes and diverse new skills required to effectively manage cyber security as a risk in the modern enterprise. From technology based skills like securing multi-cloud environments where everything is software defined, AI and Quantum computing and OT / IT convergence to more business oriented skills to operate effectively in a crisis and fulfil the needs brought on by a “New Era of Cyber Transparency”.
“The continuing education needs of business leaders and cyber security professionals has never been greater and should be top of the Boardroom and CISO agenda. Ultimately businesses need a clear picture of the skills required, which are essential to maintain in house and which to source from elsewhere.”
5. The cyber managed services industry will be disrupted
Most organisations that I speak to are simply not happy with the value delivered by cyber managed services. With CISO’s much more accountable to C-suites for cybersecurity outcomes, they need providers that help deliver on these outcomes – to manage cyber risk, increase resilience, optimise control systems, report on control effectiveness and reduce costs by focusing on the right things. Many cyber managed services remain extensions of ticket based IT managed services, delivering very little value to cyber risk management. At the same time, AI and the cloud together with integrated cyber security platforms stand to completely upend the market for cyber managed services, helping to better deliver on the outcomes the business needs. In 2024 this presents CISO’s with new opportunities to reassess cyber security sourcing strategy and improve effectiveness.
6. Cyber-tech consolidation and a move to integrated platforms continues apace
Driven by the need for greater visibility and transparency, reduced complexity, and cost optimization, organisations will continue to move towards integrated cyber security platforms in 2024. According to our Digital Trust Insights Study, 92% of organisations have already begun a move to consolidate their cyber tech stack or plan to in the next 2 years. Integrated platforms for cyber security play a central role in this.
“Integrated Platforms hold the potential to enable the rapid integration of new security solutions, reduce redundant processes, and strengthen defences against threats. It seems this trend will continue apace presenting opportunities and challenges which CISO’s should be tuned into in 2024.”
Contact us
