The Top 2024 Cybersecurity Priorities for UK CISOs and Security Leaders Revealed in Report by Info-Tech Research Group

Info-Tech’s Security Priorities 2024 report delves into the pressing issues that UK IT and security leaders must prioritise over the coming year, including the cybersecurity talent shortage, the rise of AI-driven threats, the integration of security risks with business risks, the adoption of zero-trust frameworks, and the increasing significance of automating security operations. The global IT research and advisory firm explains in the report that by addressing these priorities, organisations can better prepare themselves to face the evolving threat landscape.

LONDON, June 6, 2024 /PRNewswire/ — With cyber threats becoming increasingly sophisticated, organisations are facing unprecedented challenges in safeguarding their digital assets. Recognising the urgent need for robust and dynamic security strategies, Info-Tech Research Group has published its Security Priorities 2024 report. The report underscores the critical need for organisations to adapt their security measures in response to the constant changes in cyber threats in 2024 and beyond. The firm’s research highlights the importance of a strategic approach, emphasising the need for clear oversight and effective implementation strategies to develop, deploy, and monitor security initiatives that enhance an organisation’s resilience against threats.

Info-Tech Research Group's Security Priorities 2024 report provides cybersecurity leaders with insights and recommendations on the most critical security issues for 2024 to prepare their organisations to respond to an evolving threat landscape.

‘The emergence of advanced technologies has created opportunities for organisations and security leaders to explore unique approaches to these challenges while also enhancing existing capabilities,’ says Ian Tyler-Clarke, executive counselor at Info-Tech Research Group, UK. ‘These approaches include addressing the talent shortage through upskilling and establishing a foundation for, and implementing, AI technologies. All opportunities need to be assessed through a governance and risk lens.’

The Security Priorities 2024 report reveals the pressing issues that IT and security leaders must prioritise and advocate for a pivot from traditional, reactive security postures to proactive, predictive security strategies. The annual report emphasises the importance of fostering a security-centric culture across the organisation, enhancing collaboration between security teams and other business units, and developing agile security frameworks that can adapt to new threats and business needs.

‘The threat landscape has been exacerbated by the various emerging attack vectors, such as credential-compromise attacks and cloud exploitation. The increase in supply chain risks and rise in deepfakes also showcase the shift of threat actors to improve the sophistication of their attacks,’ says Ahmad Jowhar, research analyst and lead author of the report. ‘The rising costs of ransomware and cyber insurance premiums coupled with the continuous talent shortage depicts the challenges of efficiently fighting against these threats.’

Info-Tech’s latest report is based on comprehensive research, including insights from the firm’s Future of IT survey and in-depth interviews with IT and security professionals across various industries and regions. The diverse approach ensured that the experiences of leaders from both small and large organisations were incorporated into the report and covered a broad spectrum of security budgets. The insights collected and analysed by the firm reflect the realities of managing cybersecurity in different organisational contexts, from multinational corporations to nimble startups, providing a well-rounded view of the challenges and strategies at play in the current security landscape.

Leveraging the firm’s research findings and data, the Security Priorities 2024 report outlines the following five high-priority initiatives security leaders and their organisations should implement to confidently address security risks for 2024 and the years to come:

Develop and Optimise Cybersecurity Workforce. For the third consecutive year, talent shortage has remained the most pressing cybersecurity challenge, as highlighted by Info-Tech’s survey data. Respondents rated the difficulty of hiring enough security professionals to meet demands at an average concern level of 3.32 out of 5. Security leaders must identify their current skills gap and organisational needs, define their current security resourcing plan, and determine their approach to acquiring the necessary expertise.
Secure the AI Revolution. As many organisations are working to leverage the power of AI, measures must be in place to ensure an effective adoption of the technology. Establishing AI governance should be one of the initial initiatives within an organisation’s AI roadmap to ensure a strong and ethical risk management framework is in place. However, according to the report, over 40% of organisations don’t have AI governance in place. In order to address potential vulnerabilities, Info-Tech advises security leaders to prioritise identifying their organisation’s AI goals, determine existing security gaps, and formalise a comprehensive AI governance framework. This framework must define clear accountability, responsibilities, and risk management strategies for AI deployments.
Embed Security Risk Management with the Enterprise. With the increasing adoption of AI, organisational reliance on third-party vendor platforms and capabilities will also grow exponentially. This reliance on vendors means increased information sharing and places greater accountability on CISOs or security leaders to safeguard an organisation’s information assets. Despite this critical need, many organisations lack mature vendor risk management practices. As outlined in the report, in many organisations, the responsibility of vendor risk inadvertently falls on the CISO, given their role in protecting sensitive information and assets. To address this issue, security leaders must evaluate their organisation’s existing third-party risk management practices, establish comprehensive policies, and ensure third-party risk management is communicated effectively to executive leadership.
Operationalize Zero Trust Strategy. As cyberattacks increase in sophistication due to the advancement of emerging technology and evolving attack techniques, organisations are evaluating various defence strategies to protect their most critical assets. The report emphasises the adoption of a zero trust framework as an effective measure to enhance an organisation’s security posture and align with its business objectives. A zero trust model can significantly reduce an attacker’s capacity for lateral movement within a network, enforce least privilege access across critical resources, and minimise the organisation’s overall attack surface. Info-Tech recommends security leaders adopt an iterative and scalable approach to developing a zero trust roadmap, allowing for continuous improvement and strategic deployment with an initial focus on critical surfaces. Security leaders can start by defining their zero trust strategy, assessing and identifying key capabilities and processes, formulating a comprehensive roadmap, and then consistently monitoring initiatives to identify enhancement opportunities.
Automate and Autonomize Security Processes. With automated and AI-based threats becoming increasingly prevalent, the need for security process automation and autonomization has become more pronounced. Organisations should evaluate their capacity for refining security processes to proactively defend against sophisticated attacks and maintain a technological edge. However, the firm’s research shows that not all security processes are prime candidates for automation, as they could introduce risks if automated. The report recommends security leaders start streamlining their security processes by first defining automation objectives and assessing the current and desired states of their security operations to identify any gaps. Subsequently, they should determine the suitability, value, and risks associated with automating each security process, thereby prioritising initiatives accordingly. Finally, a detailed automation roadmap that aligns with the organisation’s strategic objectives must be developed and effectively communicated to executive leadership in order to obtain support.

The 2024 report also includes customisable templates that security leaders can utilise to effectively communicate their organisation’s key security priorities to stakeholders and executives, ensuring a clear understanding of the required security measures.

In the face of ever-evolving cyber threats, the Security Priorities 2024 report provides security leaders with a blueprint for safeguarding their digital environment. By implementing the priorities based on their unique organisational goals and needs, security leaders can enhance their security posture, proactively address and mitigate vulnerabilities, and build a culture of resilience against the cyber threats of the future.

For exclusive media commentary from Ian Tyler-Clarke or Ahmad Jowhar, experts in cybersecurity and privacy, or to access the complete Security Priorities 2024 report, please contact [email protected].

Info-Tech LIVE 2024

Registration is now open for Info-Tech Research Group’s annual IT conference, Info-Tech LIVE 2024, taking place September 17 to 19, 2024, at the iconic Bellagio in Las Vegas. This premier event will also offer journalists, podcasters, and media influencers access to exclusive content, the latest IT research and trends, and the opportunity to interview industry experts, analysts, and speakers. To apply for media passes to attend LIVE 2024 or to gain access to content and expert insights from the event, please contact [email protected].

About Info-Tech Research Group

Info-Tech Research Group is one of the world’s leading research and advisory firms, proudly serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organisations.

To learn more about Info-Tech’s divisions, visit McLean & Company for HR research and advisory services and SoftwareReviews for software buying insights.

Media professionals can register for unrestricted access to research across IT, HR, and software and hundreds of industry analysts through the firm’s Media Insiders program. To gain access, contact [email protected].

For information about Info-Tech Research Group or to access the latest research, visit infotech.com and connect via LinkedIn and X.