Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more.

Last week, in part one of The Top 24 Security Predictions for 2024, I covered the top 15 cyber industry company reports and a summary of industry-wide security predictions. In part two, we will cover:

Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions or more, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these companies’ websites, read their full prediction reports and see the details on each item — often in video format. My goal is to point you in the right direction and encourage you to visit website links for more details.

16) Delinea — Joe Carson,

You can watch a short YouTube video from Joe on each of their predictions:

17) Chuck Brooks, Forbes Compilation — Chuck always delivers excellent content, and his piece in Forbes brings in unique analysis, including in space and quantum computing.

“Space attacks: In the coming year, the security risk management of satellites and space will emerge as a top priority among both the public and private sectors. The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure. The emerging frontier of Space will need to be a high security priority for 2024.”

18) ZeroFox — In their report,2024 Cybersecurity Trends – What’s in Store for 2024, we see the following, with key takeaways offered in their report under each category:

• Social engineering keeps growing, taking advantage of the most complicated and persistent security weakness in any organization: people.
• Ransomware and digital extortion still aren’t going anywhere. Ransomware continues to succeed in part because the primary delivery method remains phishing emails, and those will continue to improve as generative AI keeps improving those campaigns.
• The deep and dark web continues to be critical real estate for cyber criminals. Compromised credentials, personally identifying information (PII), malware, and a plethora of tools and services are all for sale in cyber crime marketplaces.
• Mis/Dis/Malinformation (MDM) is the existential threat of our times. The expanding ease of access to tools for creating convincing audio and video pushes this threat from the horizon to our doorstep.
• Artificial intelligence threats are on the rise, as security analysts and threat actors alike adopt new generative AI and similar tools.
• Cryptocurrency-related threats appear to be on the rebound, given rising cryptocurrency values, including Bitcoin rising 109 percent and Ethereum rising 52 percent so far in 2023. These rises are likely responsible for the 399 percent increase in cryptojacking year over year.
• Threats to elections, including the 2024 U.S. presidential election, are an emerging trend. Multiple key elections taking place in 2024 are expected to drive an increase in various threat actor campaigns throughout the year.

They also say two areas are over-hyped: “These are topics everyone talks about even though most have no idea why (or if) we should be expending energy on them.

• Nation-state threats remain scary, but are STILL not likely your top concern.
• The metaverse continues to have interest beyond its current impact.”

The report lists many current 2023 statistics, but at the same time outlines trends and forecasts for more stats in 2024. Here are a few to watch:

• Worldwide cyber crime costs are estimated to hit $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures (Cybersecurity Ventures).
• Cyber crime is predicted to cost the world $9.5 trillion in 2024, slightly lower than the projected growth rate (Cybersecurity Ventures).
• Global cyber crime damage costs are expected to grow by 15 percent per year over the next two years, reaching $10.5 trillion annually by 2025 (Forbes).
• For 2023, the United States continues to have the highest cost of a data breach at $5.09 million (IBM).
• 75 percent of security professionals have observed an increase in cyber attacks over the past year (CFO).
• According to Mordor Intelligence, the cybersecurity market size is estimated at $182.86 billion in 2023 and is expected to reach $314.28 billion by 2028, growing at a CAGR of 11.44 percent during the forecast period (2023-2028).

20) Cyber Ark — The CyberArk blog team offersCybersecurity Predictions for 2024 and Beyond.

Other predictions include:

• CISOs will go from consolidation to simplification around security
• Skill issues will force more hands around AI deployments
• Education and soft skills will get more focus

See also this Qualys list from and ITBrief Australia.

Digital blackmail will evolve and become more targeted.

• Ransomware will become more complex and damaging.
• Evolving attack methods: exploiting VPN and cloud infrastructure.
• Diversification of extortion methods beyond encryption.

Threat delivery will become more sophisticated on mobile:

• Instant loans as a lure into blackmail and extortion.
• Trojanized chat apps with spyware and stealing modules.
• Shifts in the delivery techniques of mobile threats.

Rising threats in the cryptocurrency sphere:

• An increased focus on crypto wallets by cyber criminals.
• Malware as a service will continue to evolve.
• Vulnerabilities in crypto exchanges and cross-currency transactions.

23) Threatlocker & G2 — Start with this G2 piece: “2024 Trends: Embracing Human-Centric Security in an Automated World.”

I really like this Threatlocker video featuring Chase Cunningham, known as Dr. Zero Trust, from G2:

They lead with election security against China and Russia for the U.S.

Excellent Threatlocker solution resources are here.

24) FTI Consulting — An excellent set of 10 Global Cybersecurity Predictions for 2024 that has solid references. Here are their items, but see the details at their website:

• Election Security Making Headlines
• A Two-Sided Approach to Artificial Intelligence
• Widespread Adoption of Zero-Trust Architecture
• Cities Integrating IoT into Critical Infrastructure
• Increasing Cybersecurity Supply Chain Risks
• Third Party Scrutiny Taking Priority for Compliance Officers
• The Start of Significant Fines From Australian Regulator
• Corporate Responsibility Shifting to Individuals
• Organizational Transparency Surrounding Cybersecurity
• Emergence of Incentivized Cybersecurity

BONUS: SIX MORE CYBER TRENDS AND SECURITY PREDICTION REPORTS

25) SolutionsReview.com — 2024 Cybersecurity Predictions from Industry Experts

Darren Shou, chief strategy officer at RSA Conference: “While not new for 2024, mental health challenges will continue for many in the cybersecurity industry who are overworked and underappreciated. The stress that cyber employees endure day in and day out to secure vital systems, companies and individuals is only compounded and exacerbated by the skills gap shortage that our industry faces. …”

26) F5 — F5 2024 Technology Outlook: A duo of trends is converging and promises to drive significant change in security in 2024:

• The Convergence of Security and Observability
• The Rise of AISecOps

But more interesting, perhaps, are the technologies that are enabling observability, security, and AI. These are the technologies that make new capabilities and use cases possible and are driving us toward convergence much faster than would otherwise be possible:

1. eBPF
2. APIs
3. GraphQL
4. DPUs

27) Barracuda — Cyberthreat predictions for 2024 from Barracuda’s security frontline

Predictions of note:

• “Attackers are shifting toward small and mid-market businesses as they are aware of the increased digitization and lack of cybersecurity professionals in the market.
• Attackers will keep exploiting the weakest links within businesses. As always, cybercriminals are interested in the path of least resistance. This means organizations need to make sure they have an overarching strategy ready to deal with all vectors rather than focus on one.
• I see two trends. The first one is the continuation of the usual threat vectors as attackers know that companies are both understaffed with inexperienced IT teams and grappling with possibly legacy, outdated, or misconfigured solutions. The second one is the natural evolution of technology — as we enhance our security assets with AI-based solutions, we are automatically creating new attack vectors that are crafted based on the quality of results of generative AI itself.”

28) FastCompany — 5 cybersecurity predictions for 2024 — The topics are common, but the explanations are unique and worth reading.

• Advanced phishing
• AI-powered scams
• Increase in supply chain attacks
• Deployment of malicious browser extensions
• Changing demographics brings more threats

29) Security Scorecard — Predictions for AI and Cybersecurity in 2024 Looking Ahead to the New Year

• The rise of specialized language models in cybersecurity
• Threat actors will use AI to get ahead
• AI governance will dominate legislative agendas

You can also view this video from Security Scorecard and Help Net Security.

30) Bernard Marr in Forbes — “The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now”

Here are his top five items:

• The Cyber Security Skills Crunch
• Generative AI Adopted on Both Sides of the Battle
• Next-Level Phishing Attacks
• Cybersecurity in the Board Room
• Cyber Resilience — Beyond Cybersecurity

HONORABLE MENTION SECURITY PREDICITONS

ITBrief Australia: Eight vendor AI security predictions for 2024

“In 2024, organizations will also increasingly appoint senior executives to their leadership teams to ensure readiness for AI’s security, compliance and governance implications. As employees become more accustomed to using AI in their personal lives, through exposure to tools such as ChatGPT, they will increasingly look to use AI to boost their productivity at work. Organizations have already realized that if they don’t empower their employees to use AI tools officially, they will do so without consent. Organizations will, therefore, appoint a chief AI officer (CAIO) to oversee their use of these technologies in the same way many have a security executive, or CISO, on their leadership teams. The CAIO will center on developing policies and educating and empowering the workforce to use AI safely to protect the organization from accidental noncompliance, intellectual property leakage or security threats. These practices will pave the way for widespread adoption of AI across organizations.”

Raconteur: Five cybersecurity predictions for 2024

First, an overall increase in cybersecurity attacks and data breaches: “Hardly a day or week goes by without the mention of a high-profile cyber attack in the news — and those are just the ones we hear about. The numbers are staggering: Around the world, 30,000 websites are hacked every day with a new attack occurring online every 39 seconds. In general, the cost of global cyber crime is expected to increase 15 percent over the next five years, reaching $10.5 trillion per year by 2025.”

SecurityWeek: Five Cybersecurity Predictions for 2024

Jade Hill leads with three AI items, and offers this surprising, but likely, prediction: “Social engineering attacks will remain responsible for billions in losses, with federal grant funding becoming an increasingly attractive target.”

SimpliLearn: Top 20 Cybersecurity Trends to Watch Out for in 2024

“Rise of Automotive Hacking — Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and Wi-Fi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.”

DigiCERT: DigiCert Unveils APAC Predictions for Digital Trust in 2024

• “Senior executives will become more knowledgeable about post-quantum computing, and companies will start accelerating their investments.
• Identity and provenance become the foundation for content authenticity.
• Software supply chains will see trust embedded in building blocks: inspect before you sign, check packages, provide Software Bill of Materials (SBOM) transparency.
• IoT trust will enable real-world use cases such as EV chargers and medical devices.
• We will see chief digital trust officers emerge as a key participant on the executive team leading the business.
• Zero trust as an architecture will proliferate. Its foundation will rest on digital trust.”

Direct Defense: The Top Cyber Security Threats for 2024: Expect More Sophisticated Attacks, More Cunning Bad Actors

Here are three of their forecasts:

• Going around endpoints to attack on-premise cloud environments
• Increased investment in attack campaigns
• Ransomware attacks shift to a “calling card” after the network has been breached

Security Week: Five Cybersecurity Predictions for 2024

“Kevin Kieller expects significant advancements in Copilot, hinting at transformative changes that could redefine the functionality of Teams Premium. Josh Blalock’s vision suggests a blurring of lines between professional and social networking, with Teams possibly integrating more closely with various social apps.”

Cofense: 6 Email Security Predictions for 2024: Cofense Experts Weigh-in 

Top two items:

1. Joshua Bartolomie, vice president of Global Threat Services —  “Organizations will shift to focusing on what they don’t know about their cybersecurity risks, leaning on threat intelligence more than ever. …”
2. Dawn Creter, director of product management —

Veritas Live: Veritas L!VE: 2024 Cyber Risk Predictions (YouTube video)

Top three:

• Starlink will bypass national Internet policy.
• The front-end developer role will be permanently redefined.
• The first AI model breach will take place.

Netskope: 2024 Predictions podcast

Sherron Burgess, senior vice president and CISO for BCD Travel: “The thing that I’m always worried about from an AI standpoint is the implications societally and what that may mean. I’m concerned that society will lose its responsibility to check machines and to really understand what’s real and what isn’t. And so I think that’s the ethos that we have to think about as we go into this new world and the promise of what AI is. …”

Frontier Enterprise: The 2024 technology predictions bonanza

Long list of predictions on many topics (most not security, but a lot of AI). In cyber, they lead with: “Safe AI will be a primary focus for leaders.

American City & County: 2024: 12 predictions for cities and counties (AI stars in all 12)

Trend 9: “Blockchain and Cybersecurity — As we progress through 2024, blockchain technology is increasingly being recognized for its potential to significantly enhance cybersecurity measures. Blockchain, at its core, is a decentralized ledger technology known for its inherent security features like immutability, transparency and resistance to tampering. These characteristics make it an appealing option for securing digital transactions and protecting data from cyber threats.”

HashiCorp: Three Voices, One Future — Cloud and Security Trends for 2024 (YouTube video)

Dean Phillips, director of public sector programs at Noname Security: “In 2024, I predict that there will be a persisting division between the private and public sectors as government AI policy implementation takes shape. Government agencies, along with private companies outside government, such as critical infrastructure, that are impacted by proceeding policies, will be forced to comply. However, a pronounced divide will emerge in cases where there are no government-mandated policies concerning private companies. These private entities will adhere to a wide range of AI approaches, and many will choose to create their own policies. I expect that this lack of consistency, in contrast to the structured government approach, will persist into the foreseeable future.”

2024 SECURITY PREDICTION INDUSTRY REPORT AWARDS   

Best and Most Comprehensive Vendor Report Overall: Google Cloud/Mandiant wins top prize for the first time ever with Cybersecurity Forecast 2024: Insights for Future Planning. Well done for taking the spot from Trend Micro, who falls to a close second with Critical Scalability: Trend Micro Security Predictions for 2024.

Most Creative Report: WatchGuard — Their 443 Podcast on YouTube video, along with their 2024 prediction blooper real, is always fun and creative and different than others. Great work, guys. For their actual prediction list, see their six items:

• Prompt Engineering Tricks Large Language Models
• MSPs Double Security Services via Automated Platforms
• AI Spear Phishing Tool Sales Boom on the Dark Web
• AI-Based Vishing Takes Off in 2024
• VR/MR Headsets Allow the Re-Creation of User Environments
• Rampant QR Code Usage Results in a Headline Hack

Favorite Overall Unique Prediction: Forrester —

Scariest, but Still Practical, Prediciton: Gartner — “7 Disruptions You Might Not See Coming: 2023-2028.”

The items are (but please watch the video):

• What If Geomagnetic Storms Knocked Out Your Internet Access?
• AI-Driven Legacy Modernization.
• Regulation: Limit the Evolution of AI, laws rights, (Trust AI providers will emerge).
• AI Creates a Golden Age for “Silver Workers” (helps solve tech talent crunch).
• Laggards Leapfrog Leaders — Startups for Sale.
• “Engineering Innovation Pace” — No pain, no gain.
• Space Race 2.0.

Most Common Prediction: AI and GenAI brings good, bad and ugly to the world (almost every list includes AI predictions).

FINAL THOUGHTS