The cybersecurity landscape of 2024 has been marked by unprecedented challenges, significant breaches and evolving regulatory requirements that have fundamentally changed the way organizations approach data protection.
From record-breaking incidents to tough new legislation, this year provided vital insights into cybersecurity. It highlighted critical priorities for strengthening organizational defenses in an increasingly complex digital ecosystem. The growing sophistication of cyber threats and the expanding attack surface created by digital transformation initiatives have presented unprecedented challenges for organizations in all sectors.
The year is defined by record breaking
The year 2024 saw several devastating cyber security incidents that underscored the increasing sophistication of threats:
- The year began with the ongoing effects of the MOVEit supply chain breach, which affected more than 2,600 organizations and exposed 77 million records. The incident highlighted the cascading effects of supply chain vulnerabilities in a connected digital world and prompted a renewed focus on third-party risk management across industries.
- The National Public Data breach was particularly severe, compromising 2.9 billion records and affecting 1.3 million individuals. The unprecedented scale of this breach sent shockwaves through the cybersecurity community and prompted many organizations to rethink their data protection strategies.
- The healthcare industry faced a major crisis in the wake of the Change Healthcare breach, which affected 110 million Americans, underscoring the critical importance of robust data protection measures when handling sensitive medical information. The breach exposed vulnerabilities in healthcare systems and led to a nationwide disruption of patient care processes and medical billing.
- AT&T experienced cyber incidents that exposed 110 million customer records, resulting in an estimated $19.69 billion in financial losses. These incidents showed the serious consequences of inadequate cybersecurity practices and the long-term effects on customer trust and the financial health of the company. The breach led to widespread regulatory scrutiny and prompted calls for strengthened security standards in the telecommunications sector.
The financial cost of data breaches continued to rise dramatically, with the global average cost reaching $4.88 million – a 10% increase from 2023. Additionally, 60% of organizations reported spending more than $2 billion annually on data breach litigation costs alone.
These escalating costs can be attributed to a variety of factors, including the increasing sophistication of cyber threats, the expanding attack surface created by remote work arrangements, and increasing regulatory implications. Organizations also faced significant indirect costs, including reputational damage, lost business opportunities and reduced customer confidence.
Tool proliferation and third-party risks are emerging as critical concerns
The year also revealed significant vulnerabilities caused by a complex technology environment and relationships with third parties.
Organizations using seven or more communication tools experienced 3.55 times more disruptions than the average, highlighting the dangers of tool proliferation. While this proliferation of communication platforms has enabled greater collaboration and productivity, it has also created new vulnerabilities that have been difficult for cybersecurity professionals to address. The challenge of maintaining consistent security controls across platforms has emerged as a key priority for security teams.
The risk landscape was further complicated by organizations’ increasing reliance on external partners, with 66% of companies sharing sensitive content with more than 1,000 third parties. This dependency has contributed to a 68% increase in software supply chain attacks targeting file transfer systems.
The challenges associated with monitoring and controlling external content sharing have highlighted the need for comprehensive data protection strategies that transcend organizational boundaries. Many organizations have implemented new vendor risk management programs and improved their third-party security assessment processes in response to these challenges.
The regulatory landscape is becoming more complex
2024 saw a major regulatory development that changed the privacy landscape.
The implementation of the NIS 2 directive introduced personal liability for cyber security breaches in the European Union, raising the stakes for management and boards. This shift towards individual responsibility has highlighted the need for a top-down commitment to data protection and the integration of cyber security into the overall business strategy. Organizations have sought to update their governance structures and compliance frameworks to address these new requirements.
In the United States, several states have enacted comprehensive privacy laws, creating a complex tangle of requirements for organizations to navigate. This expansion of regulation has led to significant financial consequences, with GDPR and HIPAA enforcement resulting in fines totaling $5.6 billion and $5.3 billion, respectively.
The complex regulatory environment particularly affected North American organizations, with 63% of them citing state privacy laws as a top concern, highlighting the need for harmonized and consistent data protection regulations. Many organizations have invested heavily in compliance management systems and privacy program enhancements to respond to these evolving requirements.
Emerging industry-specific threats and challenges
The rise of artificial intelligence and machine learning has brought new security challenges, with 50% of North American organizations citing AI/GenAI data exposure as a primary concern. These emerging technologies offer enormous innovation potential and require organizations to develop new strategies to manage unique security challenges. The rapid adoption of AI tools has raised concerns about data privacy, model security, and the potential for AI-based cyberattacks.
Cloud security emerged as another critical challenge, with cloud breaches up 75% year-over-year and 33% of breaches linked to misconfiguration. The question of single-tenant or multi-tenant cloud hosting has gained considerable attention as organizations seek more secure cloud deployment options. Security teams focused on implementing improved cloud security posture management tools and improving their cloud security architecture.
The threat landscape has evolved significantly, with non-malware attacks accounting for 75% of detected incidents and ransomware payouts increasing 500% to an average of $2 million. Using an AI-powered algorithm, we tracked various industries from 2018 to 2024, with hospitality, retail and manufacturing receiving the highest risk scores for the first half of 2024. The education and research sector saw the highest number of weekly attacks, with 3,086, a 37% year-on-year increase. This highlighted the need for increased security measures in academic institutions.
The federal government faced significant third-party risk, with 28% of agencies exchanging data with more than 5,000 parties. Meanwhile, the financial services sector consistently scored above all industries in the risk assessment. These sector-specific challenges have led to the development of targeted security frameworks and industry-specific best practices.
Looking ahead: building cyber resilience
Several key priorities have emerged as organizations seek to strengthen their cybersecurity posture. Adopting zero-trust approaches has become essential, although 45% of organizations still struggle to achieve zero-trust content security. Comprehensive data protection strategies, including end-to-end encryption, data loss prevention tools, and robust access management practices, have become important.
Lessons from 2024 highlight the need for proactive, adaptive and comprehensive approaches to data protection and risk management. We covered them in more detail in our “2025 Predictions for Managing Private Content Exposure Risks”. Succeeding in an evolving threat landscape requires organizations to embrace continuous improvement, invest in robust cybersecurity measures, and foster collaboration across industries.
As we enter 2025, protecting sensitive data and maintaining customer trust remain not only business imperatives, but fundamental responsibilities in the digital age.
Tim Freestone, Chief Strategy Officer at Kiteworks, is a senior leader with over 17 years of experience in marketing leadership, brand strategy and process and organizational optimization. Since joining Kiteworks in 2021, he has played a key role in shaping the global content management, compliance and protection landscape.