10 Cybersecurity Risks & Trends

  1. Evolving Geopolitical Environment: The geopolitical environment significantly influences cybersecurity risks, creating a complex landscape for organizations and governments. Key factors include state-sponsored attacks, cyber warfare, misinformation and disinformation campaigns, and supply chain vulnerabilities.
  2. Increasing Regulations & Compliance Risk: Companies face an increasing number of privacy and security regulations and compliance requirements, which can be confusing and overwhelming, cause resource strain and non-compliance issues, and result in legal fines, reputational damage and loss of business.

    With the rise of data privacy and protection laws, such as GDPR in Europe and CCPA in California, requirements for how organizations collect, store and process personal data are common. Industry-specific regulations (e.g., PCI DSS, HIPAA) also have stringent security compliance requirements. Additionally, there is an emphasis on organizations aligning with best practices and cybersecurity frameworks (e.g., NIST, ISO/IEC 27001, CIS Controls). Various audit, certification and assessment requirements (e.g., SOC 2, HITRUST) are now standard in contracts, as are incident and breach reporting requirements.
  3. Cybersecurity Leadership Still Lagging: There has been significant improvement in recent years in the priority and emphasis organizations place on cybersecurity; however, leadership continues to lag in addressing cybersecurity risks. Many organizations still have not placed cybersecurity specialists in senior management positions and continue to keep cybersecurity separate from organizational and business objectives. This is indicative of ongoing challenges related to the lack of executive understanding, ineffective communication, underinvestment in cybersecurity and cultural resistance.
  4. Lack of Preparedness & Resilience: Most companies are still insufficiently prepared for a cybersecurity disaster due to a lack of crisis preparedness, disaster recovery and business continuity planning; failure to conduct crisis exercises; vendor risk and insufficient third-party capabilities; escalating cost of cyber insurance; and overall poor cyber hygiene and security awareness within the organization.
  5. Vulnerable Infrastructure: Critical infrastructure remains vulnerable as many organizations rely on state and local agencies and third-party vendors who may lack sufficient security controls, particularly in the finance, utilities and government sectors (e.g., running unpatched and/or outdated legacy systems).
  6. Shortage of Qualified IT Security Personnel: There is an ongoing shortage of competent security personnel and a continued gap between the supply of cybersecurity talent and the demand for resources. This continues to expose organizations across all industries to cyber risks.
  7. Artificial Intelligence (AI): AI and machine learning can be valuable and are important tools for cyber defense and navigating the cybersecurity landscape. However, they can be a double-edged sword. AI can be used to more quickly identify threat anomalies, analyze massive amounts of risk data, enhance cyber defense capabilities, and protect against sophisticated and malicious attacks. Conversely, threat actors use the technology to automate their attacks and more rapidly find and exploit vulnerabilities. As organizations look to integrate AI into their products, services and operations, appropriate governance and risk management are imperative. AI-enabled processes, systems and protocols should be evaluated and deployed responsibly, using frameworks like NIST and ISO.
  8. Cloud Services & Security: Cloud security continues to be a critical risk as many organizations continue to shift toward cloud services and rely on cloud-based applications and data storage. The increased exposure and entry points, misconfigured cloud settings and lack of sufficient IT expertise contribute to security challenges for organizations with cloud-based services. Although cloud solutions bring a range of benefits, including cost savings, scalability and efficiency, these environments are a target for attackers and have security implications, such as data breaches.
  9. Growth of IoT: The Internet of Things (IoT) is not new but continues to grow. It connects an increasing number of devices and remains a top cybersecurity risk due to various factors. Each connected device represents a potential entry point for cyberattacks, so more devices equal more vulnerabilities. Most devices are also built with minimum security, which makes them easy targets for attackers. The lack of awareness and education about the risks associated with IoT devices, combined with the fact that most devices collect sensitive data, is a recipe for increased susceptibility and data breaches.
  10. Constantly Evolving Threat Landscape: The rapidly changing environment presents numerous cybersecurity risks that organizations must navigate. Although threats and risks, such as ransomware, phishing attacks, insider threats and remote workforce environments, are not “new,” they continue to advance, expand and evolve with new technologies. The tactics and methods used by attackers are more sophisticated and employ more refined techniques, requiring organizations to constantly evaluate, adapt and bolster their defense and response strategies. 


Tiffany S. Garcia, CISA, CICA
Managing Director & CWA Executive Board Member
Risk & Advisory Services


© Copyright CBIZ, Inc. All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization. 

“CBIZ” is the brand name under which CBIZ CPAs P.C. and CBIZ, Inc. and its subsidiaries, including CBIZ Advisors, LLC, provide professional services. CBIZ CPAs P.C. and CBIZ, Inc. (and its subsidiaries) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. CBIZ CPAs P.C. is a licensed independent CPA firm that provides attest services to its clients. CBIZ, Inc. and its subsidiary entities provide tax, advisory, and consulting services to their clients. CBIZ, Inc. and its subsidiary entities are not licensed CPA firms and, therefore, cannot provide attest services.

2024-11-11