The Biggest Cyber Trends in 2024 to Prepare for Now

December 27, 2023

Cybersecurity is already topping the list as one of the greatest risks to businesses. 2024 will be no different—in fact, by the end of the coming year, the cost of cyber-attacks on the global economy is predicted to top $10.5 trillion. In addition to existing threats, artificial intelligence (AI) will continue to grow and evolve in the coming year, and businesses need to be prepared. Digital and technology risks are the top risks business and tech leaders are prioritizing to mitigate over the next 12 months.[1]

Check out our full list of 2024 cyber trends that firms should begin preparing for now:

1. Increased Regulation: Cybersecurity is expected to remain a top priority for regulatory agencies across the globe, including the SEC. Earlier this month, the SEC announced its updated, regulatory agenda, which includes several cybersecurity-related proposed rules, including the proposed Cybersecurity Risk Management Rule and the proposed AI Rule. According to the SEC’s 2024 exam priorities list, focus will center on registrants’ policies and procedures, internal controls, third-party vendor oversight, governance practices, incident response, identity theft prevention program training, and policies and procedures to protect client information.
2. Intricate & Personalized Phishing Attacks: Generative AI (such as ChatGPT) tools enable more attackers to create more personalized and believable phishing campaigns.  Deepfake will become increasingly prevalent as well due to technological advances in deep learning and computation power. A large-scale production of inaccurate fake media has become easier and more attainable.
3. Cyber Security in The Board Room: Gartner has predicted that by 2026, 70 percent of boards will include at least one member with expertise in the field. Firms can no longer sit back and assume cybersecurity is addressed by IT personnel. As threats become more sophisticated, it’s essential to have appropriate expertise. Going forward, firms will need to be aware of the role cybersecurity will play in day-to-day business practices and allocate resources accordingly.
4. Internet of Things Targeted Cyber Attacks: The number of devices connected to the internet and technology used to facilitate connections is increasing. This increase leads to more “ins” for bad actors to exploit. Targeted attacks may include cloud-related threats, attacks on connected devices, and hack-and-leak operations.[2] Continuance of remote work fuels this risk and highlights the importance of properly securing remote devices. Check out our remote work checklist to reduce your firm’s risk.
5. Incident Response: For many firms, it is not a question of if they will experience a cyber-attack, but when. With the projected increase in cyber threats and number of cyber-attacks, prioritizing a proactive incident response process will be a trend in 2024. Simply being reactive and not having a plan in place to address an incident will cause firms to experience a greater loss. Establishing an incident response plan and testing the plan on a reoccurring basis can assist with ensuring a firm is ready to respond to a cyber-attack.
6. Access and Change Management Controls: As the cyber threat landscape evolves, threats related to access management will continue to evolve. In many instances, employees are granted more access than needed to fulfill their job responsibilities. This significantly increases risks phishing attacks  and the potential damages resulting from  insider attacks. Onboarding and offboarding procedures and access reviews can assist with ensuring firms’ employees are granted only the access needed based off their role.
7. Cyber Warfare and Nation-state Actors: Geo-political tensions abroad demonstrate that states are willing to deploy cyber-attacks against military and civilian infrastructure. Nation-states heavily invest in and utilize cybersecurity to gain geo-political advantages. Continued warfare and upcoming political elections could lead to phishing attacks designed to gain access to systems for espionage or disruption to major services, such as transportation or public utilities.
8. Cybercriminals and Individual Hackers: Cybercriminal groups usually focus on financial gain, which makes firms in the financial industry particularly susceptible to being targeted. Tools used by state actors can also end up in the hands of cybercriminal groups, increasing the risk they pose. In contrast, individual hackers’ motives may include curiosity, financial gain, or notoriety. Multiple technology platforms enable hacking and are becoming more accessible via platforms that hack as a service. This opens the door for less experienced individuals to pose a risk.^[3]

What does this mean for me?

As the cybersecurity landscape continues to evolve, it is critical to maintain best practices to protect individuals and organizations as a whole from cyber-attacks. If you have any questions, or need assistance, Fairview can help.

Fairview offers turnkey solutions that address SEC requirements for cybersecurity, and our team of regulatory experts are available to answer any questions you may have regarding regulatory issues, as well as training, phishing, vendor due diligence. To learn more, visit our Cyber Solutions page or contact us if you’d like to speak to one of our cyber experts.

[1] https://www.pwc.com/gx/en/news-room/press-releases/2023/digital-trust-insights.html

[2] https://www.pwc.com/gx/en/news-room/press-releases/2023/digital-trust-insights.html

[3] https://www.bdo.ca/insights/top-cybersecurity-threats-and-predictions-for-2024