Virtualization Technology News and Information
Black Kite 2024 Predictions: How will the market and CISO role evolve next year?


Industry executives and experts share their predictions for 2024. Read them in this 16th annual series exclusive.

2024 Cybersecurity Predictions: How will the market and CISO role evolve next year?

By Paul Paget, CEO of Black Kite

As the cybersecurity landscape continues to evolve and attackers become more sophisticated, we can expect market changes in the upcoming year. According to a report, the cost of cybercrime is predicted to hit $8 trillion by the end of 2023 and will grow to $10.5 trillion by 2025, proving the urgency for business leaders to prioritize effective security strategies.

In 2024, it will no longer be acceptable to rely on outdated tactics or partial monitoring to combat risk. Instead, organizations will look to more modern solutions to safeguard data and protect stakeholders. The CISO role will also become more strategic in the coming year as a result of increasing risk, the quickly changing threat landscape, and new legislation and regulations. Here are four trends we can expect to see next year.

Third parties will be considered part of an enterprise ecosystem for security teams who historically focused on only enterprise-controlled IT resources

In recent years, third-party vulnerabilities went unreported because reporting was not a requirement, so they were out of sight and out of mind until a breach happened. And since these outside vendors were typically not being monitored closely for security, insurance companies could avoid paying claims in the event of a ransomware attack.

It has now been proven that third-party suppliers add significant security risk to organizations and their stakeholders, and in the coming year, CIOs and CISOs will become more vigilant in monitoring their vendors for security risks to their organizations. The discipline of continuous monitoring will be extended to manufacturers, suppliers, distributors and contractors beyond IT to supply chain and other organizations that support the business. This will keep organizations abreast of any weaknesses and high-profile vulnerabilities that could impact their businesses and systems, which could indirectly impact their own customers and stakeholders. It will also ensure CISOs adhere to new regulations, like the new SEC cybersecurity guidance, as needed.

Point-in-time cybersecurity questionnaire-based assessments will become obsolete

As a result of innovation and more automated assessment solutions, point-in-time security questionnaires as evidence of good cyber hygiene will become obsolete in the coming year. There was a time when periodic risk assessments were the norm because they were the only solution available. However, with innovation and more sophisticated technology in the industry, this tactic is unacceptable for effective security monitoring. The pace of change within modern digital environments requires continuous monitoring - any amount of time between assessments leaves critical gaps and costs time and resources while dramatically increasing risk. Moving forward, questionnaires and artifacts will merely be used as proof points for attestation purposes, and will no longer be a key part of a robust third-party risk program.

More CISOs will become strategic and risk-focused in 2024

Over the past few years, we have started to see a trend towards CISOs being in a more strategic role within organizations, but it has proven to be harder than expected. Traditionally, they have acted more operationally, dealing with multiple incidents at a time, which has caused them to be more reactive in their roles. While they are striving to be more strategic, it sometimes isn't possible with all the fires they need to put out during a typical day or week.

As the average cost of a data breach globally reached an all-time high of $4.45 million in 2023, security is more important than ever. CISOs taking on more strategic roles better position companies to protect their businesses and combat growing cyber threats that arise. In 2024, we will see CISOs prioritize balancing strategy (including risk) and operations in order to have a more effective security approach. More CISOs will separate from the operational role to do so (or leave their organizations to gain that responsibility). Whether it's the ability to speak to the board, join a board, properly research and vet new technologies, or spend more time planning, next year they will devote more effort to risk and strategy in order to further establish their role as business leaders of organizations - and not just technical leads.

Risk will continue to evolve and grow. However, for companies to be successful at managing it, their priorities and tactics will need to evolve and become more modern. Security will be a bigger priority for business in the coming year, and safeguarding organizations will require CISO leadership to play a more prominent role within the C-suite in order to be most effective. These trends will strengthen security strategies and put companies in the best position to combat risk in the coming year and beyond.



Paul Paget 

Shortly after joining in 2019, Paul became the CEO of Black Kite, driving the growth strategy of the company and brand from its early stage into the number one recommended company in the security ratings space. Prior to Black Kite, Paul was Chief Executive Officer of PwnieExpress where he transformed the company into the world's first SaaS IoT threat detection player. Other past positions include being the Chief Executive Officer of Savant Protection (now part of Digital Guardian) and Core Security Technologies. Paul has also served in executive leadership roles with Baltimore Technologies, GTE (now Verizon) and CyberTrust. Paul holds a B.A. from Bowdoin College.

Published Monday, December 18, 2023 7:32 AM by David Marshall