“Risk is a function of likelihood and impact. Simply put, it is the effect of uncertainty on objectives. Looking into the crystal ball ahead of the start of 2024, it is a pretty easy prediction to say that cyber risks will be increasing. Specifically, it is data that is going to be at more risk.

“With the increased likelihood of either a data breach or data corruption as a consequence of a cyber-attack, and with the increasing impact of the associated reputational damage, regulatory fines, costs of business disruption, loss of customer and supplier trust, workforce departures and, in the most extreme cases, the potential loss of the business itself, organisations of all types would do well to consider the stakes and take reasonable steps to mitigate them.”

Geopolitical turbulence will cause stresses in unanticipated areas

“Conflicts in Europe and the Middle East have demonstrated how quickly supply chain disruption can be manifested closer to home. Conflict, political turbulence, extreme weather events, economic shocks and technological innovation, to name a few, it will be critical for leadership teams to consider the factors at play, and how they might impact operating models, when developing a resilient business strategy.”

Cyber-attacks will increase in number, and victims of attacks will suffer greater disruption as critical business data is corrupted or compromised

“Seen against a historic trend in the rising number of cyber-attacks, AI will be harnessed by malicious actors to increase the potency of their cyber-attacks. 

“To counter this, leadership teams from organisations of all sizes should take time to consider the potential impacts and how they could take the necessary preparatory steps to improve their chances of surviving. Optimism is not and will not be an effective strategy: developing the necessary muscle memory through practice and preparation is a good start.”

Data will become increasingly attractive to attackers and, therefore, the need to protect it will become paramount 

“Data storage and retention will become a business-critical issue. The more that is stored, the higher the costs to protect it from attack. 

“In the event of an attack, it will be the ability to restore data and the associated business activities quickly, that will be the difference between a successful and unsuccessful organisation. Clean and offline back-ups are a must, as are regular testing of data and system recovery processes.”

Customers, shareholders, investors, suppliers and regulators are going to take more of an interest in the degree of organisational preparedness

“Taking positive steps to protect yourselves and demonstrating your capacity to respond effectively in the event of a debilitating cyber-attack will be necessary to reassure key partners. Failure to do so will result in loss of business as customers seek to work with organisations that do take the necessary steps and demonstrate the right behaviours.”

Trusted ecosystems will develop amongst organisations that take the necessary steps

“ Tackling the challenges ahead with a resilient mindset, “just in case” rather than “just in time”, businesses will seek to work with like-minded organisations. Laggards will lose market share, whilst early adopters will go from strength to strength in the era of increasing uncertainty.”

CISOs will have more of a say at board level 

“Cometh the hour, cometh the CISO”. In light of the increased risk to data and ever-increasing regulatory interest, CISOs will have a greater influence on business strategy in 2024 than before.

“Where CISOs can articulate the return on investment of security to the protection of the organisation’s value chain, cyber security budgets will increase and there will be alignment with wider business strategies.”

As general Cyber Security awareness improves, malicious actors will shift their focus from phishing towards exploiting vulnerabilities

“Under-resourced Information Security teams will be under sustained pressure to quickly patch applications and manage diverse IT estates to ensure that both hardware and software are being supported.  Zero-day attacks will continue, with a small number of attacks accounting for a significant number of victims as we saw with Cl0p’s MOVEit attacks in 2023.”