Top Cybersecurity Trends for 2024

Generative AI (GenAI), unsecure employee behavior, third-party risks, continuous threat exposure, boardroom communication gaps, and identity-first approaches to security are the driving forces behind the top cybersecurity trends for 2024, according to Gartner.

“GenAI is occupying significant headspace of security leaders as another challenge to manage, but also offers an opportunity to harness its capabilities to augment security at an operational level,” said Richard Addiscott, Senior Director Analyst at Gartner. “Despite GenAI’s inescapable force, leaders also continue to contend with other external factors outside their control they shouldn’t ignore this year.”

2024 will see security leaders respond to the combined impact of these forces by adopting a range of practices, technical capabilities, and structural reforms within their security programs, to improve organizational resilience and the cybersecurity function’s performance. The following six trends will have a broad impact across these areas.

Trend 1: Generative AI - Short-term Skepticism, Longer-Term Hope

Security leaders need to prepare for the swift evolution of GenAI, as large language model (LLM) applications like ChatGPT and Gemini are only the start of its disruption. Simultaneously, these leaders are inundated with promises of productivity increases, skills gap reductions, and other new benefits for cybersecurity. Gartner recommends using GenAI through proactive collaboration with business stakeholders to support the foundations for the ethical, safe, and secure use of this disruptive technology.

Trend 2: Cybersecurity Outcome-Driven Metrics: Bridging Boardroom Communication Gap

The frequency and negative impact of cybersecurity incidents on organizations continue to rise, undermining the confidence of the board and executives in their cybersecurity strategies. Outcome-driven metrics (ODMs) are increasingly being adopted to enable stakeholders to draw a straight line between cybersecurity investment and the delivered protection levels it generates.

Trend 3: Security Behavior and Culture Programs Gain Increasing Traction to Reduce Human Risks

Security leaders recognize that shifting focus from increasing awareness to fostering behavioral change will help reduce cybersecurity risks. By 2027, 50% of large enterprise CISOs will have adopted human-centric security design practices to minimize cybersecurity-induced friction and maximize control adoption. Security behavior and culture programs (SBCPs) encapsulate an enterprisewide approach to minimizing cybersecurity incidents associated with employee behavior.

Trend 4: Resilience-Driven, Resource-Efficient Third-Party Cybersecurity Risk Management

The inevitability of third parties experiencing cybersecurity incidents is pressuring security leaders to focus more on resilience-oriented investments and move away from front-loaded due diligence activities. Gartner recommends security leaders enhance risk management of third-party services and establish mutually beneficial relationships with important external partners, to ensure their most valuable assets are continuously safeguarded.

Trend 5: Continuous Threat Exposure Management Programs Gain Momentum

Continuous threat exposure management (CTEM) is a pragmatic and systemic approach organizations can use to continually evaluate the accessibility, exposure, and exploitability of digital and physical assets. Aligning assessment and remediation scopes with threat vectors or business projects rather than an infrastructure component highlights vulnerabilities and unpatchable threats.

Trend 6: Extending the Role of Identity & Access Management (IAM) to Improve Cybersecurity Outcomes

As more organizations move to an identity-first approach to security, the focus shifts from network security and other traditional controls to IAM, making it critical to cybersecurity and business outcomes. While Gartner sees an increased role for IAM in security programs, practices must evolve to focus more on fundamental hygiene and hardening of systems to improve resilience.