Our top five cybersecurity predictions for 2024


Predicting what’s going to happen in an industry as dynamic and fast-moving as cybersecurity is tough. But we at Expel love a good challenge, so we compiled a number of predictions from around the org on the cybersecurity trends, developments, and evolutions we think will have a big impact on companies in 2024.

Check ‘em out.

1. CISOs need to show value to the whole business

“It was true this year and it’ll be true in 2024: CISOs [Chief Information Security Officers] need to focus on driving for efficiency and demonstrating ROI to other parts of the business, especially to the CFO. When economic storms brewed in 2023, we saw CISOs struggle. Those that couldn’t crest the challenge had a hard time defending their security budget and, in many circumstances, failed and lost those budgets. Any way you shake it, the 2024 business environment is likely to be challenging. I anticipate continued fiscal conservatism in most markets, which means next year will be more of the same until CISOs learn to speak the language of the CFO—communicating risk and showing ROI on security spend. It’s all about dollars and sense (pun intended).” – Dave Merkel, CEO and Co-Founder

2. Companies must know their resilience

“As the lines between ‘preemptive hardening/posture assessment’ and detection and response continue to blur, end-users will increasingly expect security solutions to provide a more comprehensive view of their resilience profile. The solutions that incorporate risk and posture awareness into their alert detection, investigation, and response workflows (and vice versa) will ultimately deliver the best outcomes for organizations and come out on top.” – Yonni Shelmerdine, Chief Product Officer

3. New year, same attackers

“The main threats of the coming year are, in fact, actually the same threats and the same people of years past. Year-over-year, we see the same groups and individuals execute attacks successfully. These adversaries have built infrastructure that allows them to carry out attacks, and they have the skills to pull it off—something AI [Artificial Intelligence] can’t provide.” – Aaron Walton, Threat Intel Analyst

4. Risk reduction will become part of the ROI conversation

“For years, we’ve talked about ensuring that security enables the business. Adding tools and people ad infinitum is not sustainable for businesses, which means 2024 is the year the business comes to security. There will be frank conversations about what level of investment makes sense for a company, and what level of risk reduction they can expect in return for that investment. Which problems to solve internally, and what to outsource. What risks to address with the program, and which to externalize with insurance or offset with other levers. These conversations will drive the future of the entire security ecosystem, as businesses decide how to finance the reduction of cyber risk in their environment.” – Greg Notch, Chief Information Security Officer

5. AI must be safe to deliver real value

“AI continues to loom over every market, and security is no exception. Buyers are going to have an increasingly difficult time discerning what’s real, what’s marketing, where real value lies, and what it’s worth monetarily. Ideally, buyers shouldn’t have to care whether or not a product or service is produced, supplemented, or aided by AI, as long as they receive the best outcome for the best value. But as with any new technology, AI also brings with it a new set of uncharted challenges—both for buyers and the vendors charged with keeping the technology safe.” – Dave Merkel

In January, we release our Annual Threat Report, where we share our findings and intel from the past year, as well as take an informed look at the year ahead to forecast how the cybersecurity landscape will shape up. While we work on that report, take a look at our 2023 edition.

UPDATE – The Expel Annual Threat Report 2024 is now live! Download that report to read about the latest, and if you’d like a sneak peek at some of the findings and predictions it includes, check out our blog post.