While many hope that macroeconomic conditions will improve in 2024, it looks like another tough year is in store. As always, cybersecurity will continue to be a dynamic business and tech domain that is impacted by many factors. Here are the trends that I believe will be shaping the upcoming year in cybersecurity.
Many new and existing cybersecurity tools will incorporate AI for defense. We’re already seeing this trend from companies such as Orca*, Torq*, and Endor. Different use cases in the realms of incident response, GRC, penetration testing, and data leakage (among others) aren’t far behind.
Security has always been constrained by the number of technical employees that CISOs can hire. Adding natural language processing (NLP) interfaces to existing security solutions will massively increase the number of people who can contribute to defending enterprises.
Like with other new technologies, security professionals will need to provide coverage to the growing utilization of AI by their own organizations. We’re already seeing new products targeting difficult problems in this space. For example, HiddenLayer—a RSA Innovation Sandbox winner for 2023—is protecting AI models, and Tonic AI’s* Textual is helping engineers safely train LLMs on private redacted data.
AI adoption will be a top priority for almost every company in the world in 2024. CISOs will look for products that allow them to be enablers rather than blockers to AI in their organizations.
With deglobalization happening around the world and increasing tensions between superpowers, I predict that more state-sponsored attacks will take place. These attacks will threaten critical infrastructure, day-to-day operations, and also private companies—with the goal of disrupting economies. This will introduce a new challenge to security organizations, which on the one hand are forced to become more fiscally efficient and on the other need to defend a growing attack surface against highly motivated attackers.
With the improvements in LLMs, costs for security attacks go down, which will increase their prevalence and sophistication. As GPT-4, Llama 2, and other foundational models help us optimize many aspects of our lives, these advances will also significantly boost the ability of criminals to launch sophisticated social engineering and other cybersecurity attacks. This could create an entirely new level of the cat-and-mouse game played by cybercriminals and security professionals.
For all the reasons listed above, we expect the regulator to introduce new requirements for companies to adhere to. The White House already published an executive order for artificial intelligence trust, and it’s safe to assume that more will follow. In addition, the latest spree of cybersecurity breaches from companies such as Okta and 23andMe will drive regulators to demand companies to further reinforce their posture, incident response capabilities, and disclosure practices in the cloud era.
We’ve seen CISOs increasingly get a seat in the boardroom and increasingly shoulder the blame for breaches that materially affect company health over the last few years. More regulation is likely to both heighten the CISOs’ importance in organizations—and intensify the pressure on the security org to perform.
Driven by difficult market conditions and the need to innovate amid a growing number of threats, the cybersecurity space will continue to see a lot of M&A activity in 2024. During a downturn, we’ll likely see more of the larger players in cybersecurity, and heavyweights coming into the space, fill tech gaps with acquisitions.
The string of high-profile cybersecurity acquisitions by CrowdStrike and Palo Alto Networks in 2023 may lead some founders to believe the odds of getting acquired have significantly improved. But as my colleague Dan Cahana and I explain in this recent article, the reality is not every startup is eventually going to reach a $200 million to $600 million outcome (PitchBook’s data shows 12 VC-backed cybersecurity acquisitions of more than $100 million over the last year, compared to hundreds of new companies being funded annually.)
Even so, it’s clear that cybercrime is here to stay—and for cybersecurity founders and builders, there is still plenty of room to innovate.
*Represents a company in GGV Capital U.S.’s portfolio