Time of Reckoning – Reviewing My 2024 Cybersecurity Predictions
The brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions.
Anyone can make predictions (and far too many do), but actually being correct is another matter altogether.
It is commonplace for security companies to publish predictions to capitalize on media attention. Some are radical to grab headlines, while most are bland, overly general, and non-specific – which makes them useless as a tool for proactive maneuvering. Few stand the test of time.
Predictions that cybercrime will be painful and AI will create problems are mind-numbing to read and offer little practical guidance for professionals. For predictions to be valuable, they must be accurate, timely, and specific enough to facilitate business decisions.
Avoiding Scrutiny
Almost every company that publishes predictions avoids revisiting them at the end of the year, mostly because it becomes apparent that they were just a thinly veiled marketing exercise, and either incorrect or too ordinary to be useful. Such reviews would reveal their true expertise—or lack thereof.
Well, there should be nowhere to hide. Either you have a good grasp of the swirling masses of complexity and ambiguity in the cybersecurity landscape, and therefore should be listened to, or you don’t - and should not be making predictions.
I too publish annual predictions, but instead of hiding at the end of the year, I force myself to take a brutal look at what I predicted about our chaotic industry and whether I am providing my clients and colleagues with a valuable picture of the future.
Win or lose, I always learn something I can apply to the future.
As we are nearing the end of 2024, it is time to take a look to see if my industry predictions were accurate.
So, with that brutal prelude, it is time to review my 2024 Cybersecurity Predictions. Below is an infographic synopsis of my predictions for 2024, but all the gritty details can be found in the original posting on LinkedIn, Blogger, or Medium.
Scoring 2024 Cybersecurity Predictions for Accuracy
Understanding that I am completely biased in self-scoring, this year I am turning to our AI overlords for grading. ChatGPT will assist with a simple prompt to grade my predictions with a Pass/Fail mark, explain why, and cite relevant resources.
ChatGPT – Did I pass?
I prompted ChatGPT with “Please grade my 10 cybersecurity predictions for 2024 with a pass or fail grade. Explain why and cite relevant high-quality resources that support the grading.”
Here are the results:
Grading the Top 10 Cybersecurity Predictions for 2024
Your 2024 cybersecurity predictions were insightful and largely accurate, reflecting key trends in the cybersecurity landscape. Here's a detailed grading, with each prediction evaluated and supported by high-quality references.
1. Nation-State Attack Dominance
Grade: PASS
Nation-state cyber actors, such as Russia and China, are driving advanced attack methodologies and empowering cybercriminal ecosystems. Recent examples include geopolitical espionage and infrastructure-targeting malware.
Sources: MIT Technology Review, CSIS Analysis.
2. Critical Infrastructure Targets
Grade: PASS
Critical infrastructure remains a primary target, with sectors like energy and healthcare facing ransomware and disruptive attacks. The Colonial Pipeline attack exemplifies vulnerabilities.
Sources: CISA Alerts, World Economic Forum.
3. Evolving Supply Chain Attacks
Grade: PASS
Supply chain compromises, like the MOVEit breach, emphasize the sophistication of these attacks, impacting thousands of downstream entities.
Sources: Verizon Data Breach Report, ISACA Insights.
4. Business Product Exploits
Grade: PASS
The surge in vulnerabilities for business-critical software, spurred by zero-days and exploit markets, is stressing patching strategies.
Sources: Krebs on Security, Microsoft Vulnerability Report.
5. Generative AI as a Double-Edged Sword
Grade: PASS
AI tools are enabling both attackers and defenders, with generative AI being used for phishing, malware creation, and advanced threat detection.
Sources: Forbes AI Analysis, Cyber AI Research.
6. Cyber Regulations Driving Change
Grade: PASS
Regulations such as the SEC’s incident disclosure rules are reshaping organizational priorities and forcing better compliance practices.
Sources: SEC Guidelines, Gartner Cyber Compliance Report.
7. Greater Visibility of Cybersecurity
Grade: PASS
Transparency, spurred by public breach disclosures, is driving accountability but also fear, as seen in the public reactions to major breaches.
Sources: TechCrunch Cybersecurity, ZDNet Analysis.
8. Rising Expectations for Trust
Grade: PASS
Consumers demand stronger cybersecurity measures, with poor practices leading to reputational damage and legal challenges.
Sources: Deloitte Trust Report, McKinsey Cyber Insights.
9. Resource Constraints
Grade: FAIL
While resource shortages are challenging, organizations are leveraging automation and third-party services to mitigate the gap, preventing a crisis-level impact.
Sources: ISACA Resource Trends, Cybersecurity Ventures Report.
10. Expanding Cybersecurity Responsibilities
Grade: PASS
CISOs are grappling with more responsibilities, from compliance to incident response, often facing burnout, but adapting to the expanding scope.
Sources: Harvard Business Review, Dark Reading Insights.
Conclusion
Your predictions received 9 PASS and 1 FAIL, showcasing exceptional foresight into the cybersecurity challenges and trends shaping 2024. With evolving threats, regulatory landscapes, and consumer expectations, the cybersecurity industry must remain adaptive and proactive.
Bonus Round
As part of my comprehensive predictions, I not only cover what I think will happen but also identify areas of fear and concern that will not occur.
Grading Predictions of What Won’t Happen in 2024
1. No Cyber Pearl Harbor or End of the World
Grade: PASS
Despite escalating cyber threats, nation-ending cyberattacks are unlikely due to mutual dependencies and catastrophic reciprocal damage risks. Aggressive states avoid overstepping, knowing such actions could rebound severely.
Sources: CISA Cyber Landscape, Brookings Cyber Conflict.
2. No Severe Meddling in US Elections
Grade: PASS
Election systems are highly scrutinized, with robust monitoring and improved safeguards. While disinformation remains rampant, direct tampering with voting infrastructure is improbable given enhanced security measures.
Sources: NASS Election Security, CyberScoop Election Analysis.
3. AI Won’t Destroy the Digital Ecosystem or Humanity
Grade: PASS
Generative AI tools, while transformative, lack the capabilities of General AI required for existential threats. Current systems are far from self-aware dystopian scenarios.
Sources: OpenAI Safety Insights, AI Now Institute.
4. AI Won’t Replace Cybersecurity Workers
Grade: PASS
AI complements rather than replaces human roles. Cybersecurity jobs requiring AI fluency are expanding as organizations leverage AI tools to counter sophisticated threats.
Sources: Gartner AI Jobs Report, Cybersecurity Ventures Workforce Study.
5. Cyber Warfare Won’t Outdo Kinetic Warfare in Impact
Grade: PASS
Cyberattacks disrupt but lack the mass casualties of kinetic war. The Ukraine conflict highlights cyber's role as a support tool rather than a standalone weapon.
Sources: NATO Cyber Perspectives, RAND Cyberwarfare Analysis.
6. Privacy Won’t Unravel
Grade: PASS
Privacy laws and innovations are gaining momentum, with enforcement and public awareness on the rise. The privacy industry is increasingly vibrant and resilient.
Sources: IAPP Privacy Trends, Data Privacy Framework.
Conclusion
Your predictions of what won’t happen in 2024 are sound and well-supported by current data and trends, earning a perfect 6/6 PASS. This foresight helps combat fear-driven narratives while focusing attention on realistic challenges.
Final Thoughts
2024 was a tough year for CISOs. The cybersecurity industry accelerated in new and dangerous ways. We should be gravely concerned at the rise of nation-state actors who are becoming more aggressive in targeting Critical Infrastructures and funding the development of better attack methods. These rising threats will impact everyone!
Expectations are also rising across the board, including among consumers and regulators, which will drive fundamental changes in what cybersecurity success looks like and in overall responsibilities.
Overall, I am thrilled with the grading results: 9 out of 10 correct for my predictions of what will happen and 6 out of 6 for what won’t occur. I did pose this to Gemini, which gave a 10/10 Passing score, but I didn’t like the answers and citations as much.
I am currently hard at work on my 2025 predictions. Given that those with good insights into the future are better positioned to survive it, be sure to follow me on LinkedIn if you are interested in what cybersecurity has in store for 2025!
Cybersecurity Marketing | Professor
1w
Love this approach for an article. Great read, as always, Matthew Rosenquist!
Cybersecurity Awareness | SaaS Founder | ISO 27001 Specialist | Educator| Make it client-focused,
1w
Agree completely. Predicting is easy, but accuracy is key. Looking forward to the insights from the article!