The year 2024 just started, so it’s time to share our predictions for what the new year has in store for the cybersecurity market. Like many others, we expect the cybersecurity industry to endure a gloomy economic environment. The result is a scrutinization of cybersecurity investments and layoffs. Organizations will come under more pressure from both the customer base and regulators to improve and document security measures. The SEC indictment against SolarWinds and CISO, the expanding data protection regulations, and NIS2 will pressure organizations to prevent and manage breaches. And threat actors take cyberattacks to the next level, narrowing in on the mid-market. CISOs need to navigate troubled waters and find ways to do more with less.  

Here are five things we expect for 2024:  


Christian Have
Christian Have


Decentralized Cybercrime Networks emerge  

Cybercriminals will increasingly use decentralized networks on the dark web and crypto-currencies to ensure a higher degree of anonymity for both the perpetrators and their financial transactions. By decentralizing their operations, cybercriminals will make it significantly harder for authorities to track and dismantle their networks. The FBI and other law enforcement agencies recently seized BlackCat’s main leak site only to discover that the group unseized the site hours later and its affiliates went rogue, contacting victims directly. The result is further decentralization and support from LockBit, one of the group’s biggest competitors. The two are now in talks hoping to form a cartel to mirror the collaboration between law enforcement agencies. This structural change in the cybercrime landscape poses a considerable challenge. The decentralized nature of these networks fosters innovation among criminals, leading to the development of new, highly sophisticated attack methods. Combating cybercrime will then require technological advancements, closer international collaboration, and policy initiatives to address the root causes of this decentralization trend. 

The Mid-Market embraces MDR   

The perfect storm is hitting the mid-market hard, as mid-sized businesses face sophisticated threats without adequate defenses. Mid-market enterprises will actively embrace Managed Detection and Response (MDR) in 2024, allowing these businesses to leverage advanced threat detection technologies, skilled cybersecurity experts, and proactive incident response strategies.  

This shift towards MDR solutions signifies a fundamental change in how mid-market businesses approach cybersecurity. Entrusting their detection and response to specialized experts enables organizations to safeguard their critical assets and maintain customer trust by demonstrating their commitment to cybersecurity amidst challenging times. Using MDR to navigate the threat landscape ensures compliance and fortifies security posture. As a result, the MDR industry will experience significant growth, reflecting the broader shift in organizational priorities: focusing on core business activities while relying on dedicated cybersecurity partners to navigate the intricate and ever-evolving landscape of cyber threats and regulations. 

Commoditization of Ransomware-as-a-Service (RaaS)  

RaaS platforms provide malicious actors with user-friendly interfaces and tools, allowing them to execute ransomware attacks with minimal technical expertise. Consequently, the frequency of attacks is surging, affecting businesses of all sizes. Small and mid-sized organizations, often lacking robust cybersecurity measures, become especially vulnerable targets. We’ve recently seen ransomware groups like 8base target these organizations specifically.  

The attacks disrupt operations, compromise sensitive data, and force victims into difficult situations where paying ransoms might seem the only option. The proliferation of RaaS platforms further complicates law enforcement efforts as the barrier to entry for cybercrime diminishes, enabling a broader range of individuals to participate in illicit activities. 

We are already seeing early indicators that initial access brokers (IABs) are under pressure to cut price points on the information they sell about infected breach-ready environments. This will inevitably push threat actors to commoditize their extortion and ransomware operations even further, forcing them to play a numbers game and target a more significant number of smaller organizations to net the same profits as before. Moreover, ransomware will become even more commoditized as GenAI paves the way for the creation of convincing phishing scams and malware. 

Effective use cases for GenAI bring an end to AI-washing 

GenerativeAI Large Learning Models (LLMs) dominated the agenda this year, leading to some bandwagonism as numerous vendors sought to capitalize on the nascent technology. That will change in 2024 as the market begins exploring practical applications and where GenAI can deliver value. We can expect GenAI to assist with incident response, for example, in terms of analysis of the data produced during an investigation and formulating responses. Those who have integrated their solutions with proprietary GenAI APIs rather than AI-washing will use their early adopter experience to deliver on the potential of this technology. 

Board-level executives will come under unprecedented strain 

Corporate boards will face unparalleled pressure and distress as they navigate a landscape marred by relentless cyber threats, budgetary constraints, and regulatory demands. Economic uncertainty, decentralized cybercrime networks, a scarcity of skilled professionals, and the impact from ransomware will force boards into a defensive stance, wrestling with the grim reality that their organizations are prime targets for cybercriminals.  

NIS2 regulations come into effect in October 2024, and many more organizations based in the EU or with operations in that market will need to comply. Those in scope will be under more pressure to prevent and manage breaches. There will also be more personal culpability, with senior and board-level members held personally accountable in case of a breach where the requirements have not been met. As a result, there will be a significant focus on battle-testing systems and processes to bolster defenses and prove due diligence. 

Faced with the fear of reputational damage, financial losses, and legal consequences, boards must make difficult decisions about resource allocation, strategic partnerships, and the very survival of their business. As cybersecurity breaches move from possibility to probability, the pain experienced by boards will underscore the importance of proactive cyber risk management and digital defenses. 

2024 will be a trying year 

One thing is for sure. There’s a real risk that 2024 is going to suck. CISOs, especially in the mid-market, must find ways to deal with conflicting trends in the market. They need to understand how well-protected they are, how attacks and the threat landscape work, and how to shut down security incidents with less workforce and resources. However, with technology that automates detection, investigation, and response processes, guides the limited security staff in the right direction, and collects and analyzes data to demonstrate compliance, CISOs can stay on top and thrive through the storm.