The midyear reckoning of cybersecurity predictions

Michael Armer, CISO, RingCentral, assesses how accurate his 2024 technology predictions have been now that we are deep into the second half of the year.

Predictions are a fool’s game. Six months ago, I laid out my vision for 2024. Although I knew it’d be a pivotal year for cybersecurity, even I vastly underestimated the pace of change. 

Context is king here. It’s reasonable to say that 2023 was the year of unprecedented cyberthreats. Around the world the total number of publicly disclosed security incidents surpassed 2,800, with over 8.2 billion records breached. Almost one third (32%) of UK businesses identified cybersecurity breaches or attacks which came at a heavy price; the average cost of a cyberattack on UK SMEs rose from £11,000 to £15,300, hitting already taut purse strings hard. This doesn’t include the lost revenue from 26 hours of unplanned downtime, either. 

But if last year was defined by attacks, 2024 has so far been defined by resilience. Refreshingly, this is from the top down too. The King’s Speech in Parliament outlined the Cyber Security and Resilience Bill’s pledge to ‘strengthen [the country’s] defences and ensure that more essential digital services than ever before are protected.’ In tandem, the UK’s offensive cyber-agency, the National Cyber Force, is expected to swell to over 3,000 personnel by 2030, with significant expansion planned for this year alone. This governmental push is setting a precedent that businesses are swiftly following, recognising that resilience isn’t just about survival, but about competitive advantage in an increasingly digital marketplace.

As we stand at this midpoint of 2024, it’s clear that the cybersecurity landscape is evolving, fast. My predictions, while directionally correct, have been outpaced by reality in ways both exhilarating and sobering. So how did they materialise in the first half of this tumultuous year?

Corporate boards would prioritise cyberexperience (verdict: correct)

First, I believed that corporate boards would put cyberexperience under the microscope. This prediction has not only come to fruition, but far exceeded expectations. Today, a striking 30% of businesses have board members explicitly responsible for cybersecurity as part of their job role. This isn’t just a tick-box exercise; it’s a fundamental shift in how businesses perceive and manage risk.

The implications of this shift are profound. Cybersecurity is no longer siloed in the IT department; it’s a boardroom conversation influencing high-level strategy. As such, the UK’s Cyber Security Council also predicts the creation of 10,000 new cyber jobs in 2024, addressing the skills gap in the sector. 

Because security is now woven into the C-suite, cyber-resilience sits at the heart of business operations. Yet this shift brings its own challenges. There is a growing demand for board members who can bridge the gap between technical cybersecurity knowledge and business acumen. Organisations are scrambling to upskill existing board members or bring in fresh talent with this rare combination of skills. As we move into the second half of 2024, I expect to see a surge in executive education programs focused on cybersecurity governance.

Businesses would see security as a strategic business component (verdict: room for improvement)

As alluded to earlier, the statistics are stark when it comes to cybercrimes. UK businesses experienced approximately 7.78 million cybercrimes in the last 12 months. Yet, astonishingly, only 35% feel prepared to deal with cyberattacks. This disconnect between threat level and preparedness is both a challenge and an opportunity.

Forward-thinking businesses have indeed seized it as a strategic business component, leveraging robust cybersecurity as a competitive differentiator. They’re not just protecting themselves; they’re building trust with customers, partners and regulators. At a time when data breaches can obliterate brand reputation overnight, a strong security posture is becoming a business imperative.

This shift is manifesting in interesting ways. We’re seeing increased collaboration between security teams and other business units. Marketing departments are touting security credentials as a selling point. Product development teams are embracing ‘security by design’ principles. The businesses that are thriving are those that view security not as a cost centre, but as a business enabler.

But this embrace of security isn’t without growing pains either. It’s for this reason that I’d say there’s still room for improvement on this trend. Many organisations are grappling with how to balance security needs with business agility. There’s a pressing need for security professionals who can speak the language of business, translating technical risks into business impacts. As with the C-suite members mentioned above, I expect a rise in demand for ‘business-savvy’ security professionals who can bridge this gap.

An era of AI governance (verdict: correct)

My final prediction revolved around AI governance, and here, reality has outpaced even my most optimistic projections. 

The European Parliament’s approval of the world’s first comprehensive framework to regulate AI in March 2024 was a watershed moment. The EU considers the AI Act a potential blueprint for other jurisdictions looking to implement AI legislation, and it has set off a domino effect, with similar acts planned or in development in the US, UK and China. In the US, state and local initiatives, such as the California Consumer Privacy Act, have created a patchwork of state-specific regulations, while China’s aim to encourage innovation while maintaining state control has had limited success.

This regulatory landscape is reshaping how businesses approach AI. The era of ‘move fast and break things’ in AI development is over. Companies are now grappling with how to harness the power of AI while ensuring compliance with these emerging regulations. This is leading to a new breed of AI ethics committees within organisations, tasked with navigating the complex interplay between innovation, ethics and compliance.

But AI governance is not just about compliance; it is becoming a key factor in cybersecurity strategies. As AI becomes more deeply embedded in security tools and processes, organisations are having to consider the security implications of their AI systems. How do you secure an AI? How do you protect against AI-powered attacks? These are questions that weren’t on the radar for many businesses at the start of the year, but are now front and centre.

If I had to make one more prediction now, it’s that the pace of change will not slow. It is the businesses that adapt and embrace security as a strategic initiative, elevate cyber-expertise to the highest level of decision-making and navigate the complex world of AI governance that will thrive. 

The challenges are significant, but so are the opportunities. The only way to predict the future is to create it.
