In 2023, boards of directors across different industry verticals took a more active role in cybersecurity oversight, largely driven by the increased business risk associated with evolving threats and the potential impact of new regulations. This enhanced engagement reflects a growing recognition that cybersecurity is not just an IT issue, but a critical component of effective overall risk management practices.
So what should directors be preparing for in 2024? The Google Cloud Cybersecurity Forecast 2024 report equips security professionals with insights on cybersecurity trends in the year ahead based on frontline intelligence from our experts across Google Cloud. It provides an opportunity for directors to think about the resources and capabilities needed to address these business risks in the year ahead.
Throughout 2023, Google Cloud has provided directors with a series of resources covering their role in cybersecurity, risk governance and digital transformation via our Board of Directors Insights Hub. We published three Perspectives on Security for the Board, which encouraged boards to adopt the following three principles for effective oversight: 1) get educated, 2) be engaged and 3) stay informed. As we prepare to embark on 2024, it is worth thinking about the steps directors can take now in these areas.
GET EDUCATED FOR 2024:
A great starting point is reading the Google Cloud Cybersecurity Forecast 2024 report to understand the risks that could impact your business in the year ahead. The report represents a close collaboration among numerous Google Cloud security teams, including Google Cloud’s Office of the CISO, Mandiant Intelligence, Mandiant Consulting, Chronicle Security Operations and VirusTotal.
Directors should be keenly aware of how the following could impact their business:
• Attackers incorporating AI into their operations and defenders using it to strengthen detection and response
• Nation-states continuing to conduct cyber operations to achieve their geopolitical goals
• Attackers continuing to exploit zero-day vulnerabilities and using other techniques to evade detection
• A rise in hacktivism and other cyber activity related to major global conflicts, elections and the Summer Olympics
• Shifting trends in the development of malware, making it quicker to create and harder to detect
CONTINUE TO BE ENGAGED IN 2024:
New tools and technologies have expanded the threat landscape significantly in recent years, introducing risks that—if exploited by attackers—could result in substantial financial losses, reputational damage and operational disruptions. Additionally, the potential for new cybersecurity regulations has heightened the need for directors to demonstrate strong oversight of cybersecurity risks.
If the past has taught us anything about security, it is to expect new and evolving threats in 2024. As highlighted in the Google Cloud Cybersecurity Forecast 2024 report, “The cybersecurity landscape is constantly evolving, sometimes in new and unexpected ways. Defenders, often with limited resources, have the monumental task of keeping up.”
Directors should already be working with the key players within their organization on how they are addressing these evolving risks, including their business leadership (including the CEO and COO), chief information security officer, chief technology officer and chief risk and compliance officers. It is important to develop and support dedicated cybersecurity committees, enhance cybersecurity expertise at the board level and require frequent updates on cybersecurity risks and mitigation strategies.
Directors should use the Google Cloud Cybersecurity Forecast 2024 report as a tool to engage their key stakeholders and ensure they are prepared for what comes next.
STAY INFORMED IN 2024:
Increased engagement from directors is largely seen as a positive development for cybersecurity, as it helps ensure that companies are taking the necessary steps to protect themselves from cyber threats. Directors need to also think about the impact other topics can have on cybersecurity. For example, legacy systems may not be built or designed to be as secure as more modern technology infrastructure (typically cloud or cloud-like on-premises). Failing to upgrade a business’s overall IT infrastructure or modernize its software development approach can leave the entire technology platform vulnerable to attack.
Given the important role directors play in effective risk management oversight, Google Cloud will continue to engage the community in 2024, both through the ongoing publication of our Perspectives on Security for the Board reports, and also through other engagement opportunities. We encourage you to bookmark our Board of Directors Insights Hub, and visit it often to hear more about our latest efforts.
