While increased geopolitical tensions and economic instability continue to concern cybersecurity experts, a new report from the World Economic Forum spotlights widening cyber inequity and emerging technologies – such as AI – as key rising risks for the year ahead in the sector.
The Global Cybersecurity Outlook 2024 report, developed in collaboration with Accenture, distils insights of industry experts and global executives about key cyber trends that leaders will need to navigate in 2024 based on a series of surveys carried out between June and November 2023. Given the increasingly complex cyberthreat landscape, the report also calls for concerted collaboration – across borders and industries – to counter these interrelated threats and build a more resilient environment.
“As the cyber realm evolves in response to emerging technologies and shifting geopolitical and economic trends, so do the challenges that threaten our digital world,” says Jeremy Jurgens, MD of the World Economic Forum. “We urgently need coordinated action by key public-private stakeholders if we are to collectively address these complex, ever-evolving threats and build a secure digital future for all.”
The increasingly stark divide between cyber-resilient organisations and those that are struggling has emerged as a key risk for 2024. The number of organisations that maintain minimum viable cyber resilience is down 30% compared to last year. While large organisations have demonstrated notable gains in cyber resilience, small- and medium-sized companies showed significant decline.
This growing inequity is being fuelled by macroeconomic trends, industry regulation and, crucially, early adoption of paradigm-shifting technology by some organisations. In addition, the cyberskills and talent shortage continues to widen at an alarming rate. Only 15% of all organisations are optimistic about cyberskills and education significantly improving in the next two years.
In an interconnected world this growing rift means no organisations are completely safe. According to the report, external partners are both the greatest asset and the biggest hindrance to the cybersecurity of any organisation. In fact, 41% of the organisations surveyed that suffered a material incident in the past 12 months say it was caused by a third party.
“No country or organisation is spared from cybercrime yet many are direly underequipped to effectively face the threats – and we cannot have effective global response mechanisms without closing the capacity gap,” says Jürgen Stock, secretary-general of Interpol. “It is crucial that key stakeholders work collaboratively towards immediate, strategic actions that can help ensure a more secure and resilient global cyberspace.”
Emerging technologies such as artificial intelligence (AI) are another key trend to watch in this year’s outlook. Fewer than one in 10 respondents believe that in the next two years generative AI will give the advantage to defenders over attackers – and approximately half of experts surveyed agree that generative AI will have the most significant impact on cybersecurity in the next two years.
Its rise is stoking fears among experts about the exacerbation of long-standing challenges with around half of executives saying that AI-driven advances in adversarial capabilities of cybercriminals (phishing, malware, deepfakes) present the most concerning impact of generative AI on cybersecurity.
Despite these concerns, experts also highlighted an encouraging increase in focus on the importance of cybersecurity globally, particularly at the executive and CEO levels. The incorporation of cyber resilience into organisational risk management is also becoming more common, as per the report.
“Cyber resilience is increasingly dependent on a C-suite team that closely collaborates and communicates security priorities across the business and the industry,” says Paolo Dal Cin, global lead at Accenture Security. “This approach provides a clear view of cyber risks and allows security to be embedded from the start in all strategic business priorities, as well as across third parties, vendors, and suppliers.”