Smart glasses on modern city background showing security trends

Top Security & Risk Management Trends in 2024

The world of cybersecurity — which includes both tactics by hackers and how we combat increasingly complex data breaches and attacks — is constantly evolving. In this guide, we’re going to explore some of the top security and risk management trends to look out for in 2024.

1.  An overall increase in cybersecurity attacks and data breaches

Hardly a day or week goes by without the mention of a high-profile cyber attack in the news — and those are just the ones we hear about. The numbers are staggering: Around the world, 30,000 websites are hacked every day with a new attack occuring online every 39 seconds. In general, the cost of global cybercrime is expected to increase 15% over the next five years, reaching $10.5 trillion per year by 2025.

Unfortunately, cyber attacks show no signs of slowing down. For example, in 2016, a business fell victim to a cyber attack every 40 seconds; in 2021 that number fell to just 11 seconds. Overall, global cyber attacks increased 38% from 2021 to 2022.

The good news is that more and more companies and organizations are recognizing the need for skilled cybersecurity professionals, and as a result, cybersecurity employment growth has escalated — but hackers are continually adapting.

2.  More incidents of cyberwarfare

Cyberwarfare has become an increasingly popular way of attacking a country or nation through the Internet. Defined as an online-based attack with the goal of causing disruption or damage to a country or nation’s government, military or infrastructure, cyberwarfare can come in many forms — economic disruption, sabotage, attacking an electrical power grid, phishing and ransomware. According to a recent report from Armis, cyberwarfare attacks are on the rise around the world, and analysts predict that “cyber attackers will have weaponized operational technology, potentially even against humankind” by 2025.

3.  Rise in attacks using artificial intelligence and machine learning

There are many benefits to artificial intelligence (AI) and machine learning (ML) technology — reduction in human error, automating repetitive tasks and increased efficiency, just to name a few. While AI is used in security measures to prevent attacks, cyber criminals are using this innovative technology to generate creative ways of infiltrating businesses and targeting individuals. For example, the popular new AI chatbot, ChatGPT, is already being used to create malware that allow hackers to impersonate others or create phishing emails that are indistinguishable from actual communications from a specific business or organization.

In a recent CNBC article, Brian Finch, co-leader of the cybersecurity, data protection & privacy practice at law firm Pillsbury Law, had this to say about artificial intelligence: “AI can be used to identify patterns in computer systems that reveal weaknesses in software or security programs, thus allowing hackers to exploit those newly discovered weaknesses.” He went on to explain that “security experts have noted that AI-generated phishing emails actually have higher rates of being opened — [for example] tricking possible victims to click on them and thus generate attacks — than manually crafted phishing emails.”

4.  Global adoption of a “zero trust” model

A zero trust model essentially assumes that everything and everyone is a threat, which means that all corporate network traffic is logged and analyzed and employee access must be verified. Demand for zero trust products and support has grown with the market expected to hit $51.6 billion by 2026 — a substantial jump from just $19.6 million in 2020.

5.  More investment in employee cybersecurity training

One of the most important ways to combat cyber attacks is through employee education. Some federal and state regulations require training; for example, the Department of Health and Human Services mandates that 100% of its employees and contractors receive information security awareness training every year. Cybersecurity education can also come in many forms, including workshops, cybersecurity degrees and certifications or having cybersecurity consultants conduct employee-wide training.

6.  The need for cybersecurity insurance

A cyber attack can be extremely expensive; in fact, the average cost of a data breach in the U.S. is $9.44 million, which is why many businesses and organizations are investing in cyber insurance. While the best first line of defense against an attack is a trained team of cybersecurity specialists, cyber insurance is a valuable investment for the future.