Many firms will ramp up spending in this area, which will mean among other things beefing up their compliance functions.

Phishing attacks are becoming increasingly sophisticated. Those with foresight will invest in quality training to fill in the gaps, as this is seen as a major liability for tech firms.

Britain has left the EU, but Retained EU Law means that many of the regulations adhered to across the bloc still apply to the UK.

DORA and the European NIS2 will likely prompt equivalent or at least similar rule-making in the UK because it does not wish to be left behind in the race to address systemic risk and improve resilience in critical sectors.

Ransomware industry attacks are expected to grow in 2024. One in two businesses have been the victim of a cyberattack in the past 3 years.

Also, be prepared for insider threats.

The NIS2 Directive aims to strengthen cybersecurity across the EU, giving Member States until October 17, 2024, to implement the directive into local law.

Thanks to US government offices and high-ranking officials being seriously affected by attacks this year, the government is on a tear in watching what businesses do about reporting, paying ransoms, and defending their networks.

This is because some of the same criminals strike both and are emboldened when they make off with a decent haul of either data, cash, or both from the business sector.

The growth of state actors as cybersecurity threats will continue – further contributing towards tensions between big tech and government. It will be interesting to keep an eye on whether the general level of public trust in systems and institutions is affected to any great degree by increasing knowledge of cyber threats, deepfakes etc.

This could prompt one of those periodic reassessments of the motives of the Luddites.

We will see more and more companies and individuals getting attacked and hacked with new technologies that will make threats harder to detect and combat.

And with the current geopolitical state, wars, and inflation – and the ease of use and accessibility of hacker tools – the number of cybercriminals will rise as well. 

Big companies will invest more money and time into security training and technology in response, but I don’t think smaller firms will have the same budgets to set the cybersecurity standards they need to keep their businesses safe.

The human capacity to adapt should not be underestimated. As we learn to distrust systems and work to protect each other the threat will start to recede.

And then we shall see how we fare against AI!

Cybersecurity is also an existential threat for private AI. If AI technologies go in the same direction as cryptocurrencies – in other words if their use by criminals becomes rampant – the entire industry will be shut down by most governments.

AI research will continue – but not in the private sphere.