BSA asked leading cybersecurity professionals at its member companies for their 2024 predictions on how to elevate cybersecurity for their organization. Their responses are below.
Henry Young, BSA Senior Director, Policy
2024 is the year that senior company leaders around the world will focus on integration.
The first type of integration directly involves C-suite leaders, where cybersecurity is increasingly understood as a strategic business issue that effective leaders can impact. Increasingly, cybersecurity is being prioritized in organizations in response to new laws and policies like the SEC’s cybersecurity regulations.
A second integration brings artificial intelligence (AI) solutions into other parts of the business to improve functionality and security. Industry and policymakers will need to work together to identify ways to encourage the use of AI to improve cybersecurity like developing more secure code; detecting, analyzing, and responding to vulnerabilities and threats; generating threat intelligence; and easing the cyber workforce gap.
Adam Cohn, Splunk Vice President, Worldwide Government Affairs
The new US SEC cyber regulations are one of the top cyber policy issues on the minds of public-company boards and C-suite leaders. For timely and accurate incident disclosure, public companies need the right people with the right information and proper controls. They must also have robust detection and analytics capabilities to make materiality determinations and ensure prompt remediation. The short turnaround timing of the reporting requirement will be challenging and could have negative consequences for cybersecurity in some cases.
Anjelica Dortch, SAP Senior Director & Head of Global Cybersecurity Policy
In 2024, the C-suite’s cybersecurity focus must shift to proactive resilience. We’ve entered an era where traditional defenses crumble against sophisticated, evolving threats. The top policy challenge? Harmonizing cybersecurity into a singular strategic melody as global regulation continues to grow. This means weaving security threads into every business decision, from supply chain vetting to software development. It demands composing incident response protocols that resonate across departments, with clear roles and escalation paths. C-suites must lead this transformation, using their voice to amplify security awareness. Their commitment should be the opening crescendo, setting the tone for a culture of continuous improvement. They must facilitate dialogues with policymakers, composing regulations that harmonize with their security orchestration. In 2024, cybersecurity policy can no longer be a faint background hum. By prioritizing strategic integration, fostering cross-functional collaboration, and engaging in constructive policy discussions, C-suites can ensure their organizations perform a secure and resilient symphony in the face of any cyber threat.
Patricia Ephraim Eke, Microsoft Director, Global Cybersecurity Policy
In the rapidly evolving technological landscape of 2024, C-suite leaders are faced with navigating the transformational impact of AI, including with respect to cybersecurity. As businesses undergo another seismic shift with AI’s mainstream integration, leaders must grapple with leveraging AI’s capabilities while ensuring safe, secure, and trustworthy implementation. AI has the potential to tip the scales in favor of global cyber defenders.
AI promises many benefits, but we must remain vigilant about the risks. AI must be subject to responsible governance and remain under the control of humans. This underscores the importance of international collaboration among all stakeholders in the cybersecurity community, including policymakers, governments, private sector, NGOs, and academia to advance AI for security and security of AI. Microsoft is committed to creating a secure foundation for AI, investing in proactive security measures, and promoting transparency within the digital ecosystem.
Mason Molesky, IBM Cybersecurity and Cloud Policy Executive
Every leader should know that generative AI for cybersecurity is a force multiplier. As AI is built into security tools, it will improve the execution of cybersecurity where professionals can better identify and address the increasing volume and velocity of threats. For example, machine learning can be used to identify and analyze patterns and key indicators of compromise, reducing the number of false positives and honing-in on the incidents which require human intervention and investigation. AI predictive modeling can help organizations to anticipate problems and proactively address them, reducing mean time to resolution and costs. IBM’s Cost of a Data Breach 2023 report found that using AI was the single most effective tool for lowering the cost of a data breach. Read more about the impact of AI on cybersecurity in “The CEO’s Guide to Generative AI: Cybersecurity” by IBM’s Institute for Business Value.