Information Technology

2024 Cybersecurity Outlook: Good and Bad AI, Compliance Concerns, and Softer Insurance

• By Kristal Kuykendall
• 01/25/24

Last year saw ransomware attacks increase to the record levels of 2021, and the mass introduction of AI began to show up in threat analyses. This year, experts say that AI-based attack tools will enable threat actors to dramatically increase both the quantity and impact of their attacks — and attacks are more likely to focus on stealing valuable data than on ransom payments. Compliance will continue to grow in complexity, and cyber insurance will likely see rates stay flat or dip slightly.

AI in Cybersecurity: Three Trends

Vishing Is About To Exlode: WatchGuard Threat Lab researchers expect that bad actors will use generative AI to combine deepfake audio with large language models capable of holding conversations with victims, to the point where human involvement is no longer needed for vishing attacks. “This suggests that the scale and volume of vishing attacks will soar in 2024,” the company said in its 2024 trends report.

More AI-Powered Attacks: WatchGuard Threat Lab researchers “expect an increase in the use and purchase of AI-powered tools by cybercriminals, making them the best-selling tools on the dark web.” For example, AI spear phishing tools currently account for only a fraction of attacks, but WatchGuard believes 2024 will usher in rapid growth in the automated attack vector market across the dark web.

More Demand For — and Output From — Managed Detection & Response Services: With an estimated 3.4 million cybersecurity jobs unfilled and workforce shortages projected to worsen, organizations seeking to stabilize their IT workforce and better protect their data will lean more heavily on managed service and security service providers, according to Gartner research. WatchGuard researchers noted that AI will be an essential tool for MSPs in 2024. Watchguard expects MSPs to turn to unified platforms with strong automation through AI and machine learning to optimize their business models. MSPs could double their business capacity and address the rising demand for cybersecurity services by implementing AI in their service offerings.

Privacy, Compliance, and Risk Management

Regulatory Whack-A-Mole: With federal agencies stepping up data privacy regulations, the compliance landscape will grow even more complicated for education institutions, and keep up with various state and federal requirements is a top concern for administrators, according to Eric Groen and Tonya Baez, researchers at North Carolina State University’s Enterprise Risk Management Initiative. The two surveyed thousands of board members and administrators in late 2023, finding that among academic leaders’ top concerns is ensuring privacy and compliance with growing identity protection expectations.

Insurance Costs Settling: After 2022 brought increases in cyber insurance policies — and a significant hardening of requirements to obtain a policy — experts say the market settled down during 2023 and policy costs began to fall. “A perfect storm of good trends and facts combined to create a soft cyber insurance market” going into 2024, said Dan Burke, National Cyber Practice Leader at Woodruff Sawyer. With costs still higher than pre-pandemic and claims falling thanks to improvements in cybersecurity controls, the cyber insurance market is not expected to take policyholders on a roller-coaster ride this year, he said. Instead, Burke predicted more insurers will enter the market, which could make policy estimates more competitive.