Skip to main content

Perspectives Home / Trends

13 Tech and Security Trends to Look Out for in 2024, According to CxOs 

CTOs, CIOs and CISOs from across industries weigh in on what to expect for AI, zero trust, talent and more.

It isn’t easy to peek into the future, especially of late. In fact, it’s challenging enough to keep up with what’s happening right now, what with AI chatbots becoming our job interviewers, lab-grown meat promising cruelty-free steak, the renaming of Twitter — and who knows what else. Nonetheless, we asked a few security and technology experts to give us their best guesses as to which way the winds are starting to blow in 2024. 

Some posit that the same challenges we’re experiencing now, from ransomware to talent shortages, will persist. Others anticipate that you just can’t foresee what’s to come, and so being able to respond and remediate quickly when some new threat surfaces is crucial. 

Life in 2024 will be an interesting puzzle: understanding and overcoming the challenges we already face, while also reacting quickly to the curveballs that will inevitably hurtle our way. Some experts share some predictions and a few tips on how to best prepare for what’s next.

Resilience? It ain’t optional.

You're going to need to be able to cope with new threats that you have no knowledge of right now. And you're not going to be able to predict with complete accuracy how the environment is going to be changing. Even if you have a well-developed risk picture to inform decisions, one way of thinking about that is that it is still just a highly educated guess. 

So you need to be very flexible and highly capable. Nirvana, from a defensive perspective, is to be able to say, “We've just protected ourselves against [this new thing]. We didn’t know anything about it in advance, but we worked that out after we'd stopped it from happening.” That's where you really want to go. — Joe Fogarty, Head of the Cyber Resilience Centre, UK

Resilience really is front and center. Your services should be resilient not just in the face of cyberattacks, but it should also be resilient to an earthquake or a big surge in customers. If you make a service really resilient, it should be more resilient to cyberattack. — Dave Marshall, Head of Cyber Security Operations, Home Office, UK

AI WON’T become table stakes in business — yet

Some organizations will implement and use LLMs for non-critical or supplementary services, but this year won’t be make-or-break for companies to use new AI services for business-critical processes. Instead, this year will see organisations understand the value of ML and AI to make better decisions on where to use it. This will mean an increase in statistical analysis and some less heavy-weight ML capabilities for domain-specific outcomes that aid existing processes. — Shaun Cooney, Field CTO & Strategic Advisor - Technology & Innovation, Splunk

 However, the use of AI and machine learning for both cyberattacks and cybersecurity is on the rise. This cat-and-mouse game between attackers and defenders is expected to intensify. — Matt Swann, Strategic Advisor, Splunk & former CTO, Nubank,

Or, AI will find its footing in observability applications and will soon become a requirement

As AI makes meaningful impacts in the enterprise, AI will underpin mission-critical, customer-facing workloads, and as they scale, enterprises will care more and more about making sure they are securely up and running.  Observability in AI will help organizations identify, detect and respond to disruptions more quickly in AI powered digital services. — Cory Minton, Field CTO, Splunk & CEO,

IoT, supply chain, endpoint — security challenges will increase

As the Internet of Things (IoT) continues to grow, concerns about the security of IoT devices and the potential for large-scale attacks leveraging these devices will remain a significant issue.

Meanwhile, high-profile supply chain attacks like the SolarWinds incident highlighted the vulnerability of software supply chains. These attacks are expected to prompt increased scrutiny and efforts to secure the software supply chain.

And with the shift to remote work accelerated by the COVID-19 pandemic, securing remote endpoints and ensuring the integrity of remote access solutions are top priorities. — Matt Swann

Cyber risk will take center stage at board meetings

Cyber will continue to be top of mind for the board of directors. As measuring and quantifying the risk of cyber attacks becomes even more sophisticated and complex, we can expect to see more board-level cybersecurity committees formed for increased oversight, visibility and quantification across organizations.  These newly formed committees will also be tasked with aligning to future data privacy and security regulations, legislation and mandates as they continue to evolve. — LaLisha Hurt, Industry Advisor (Public Sector, Federal Government), Splunk & former CISO

Data privacy will take center stage

We’re going to see a significant investment in privacy-related technologies. The European Union has GDPR, but within the U.S., each state has independent privacy regulations — and some don't have cybersecurity regulations at all. So we’ll seeprivacy take a front seat, and security's gonna be a byproduct of increased privacy regulation. — Leonard Wall, Deputy CISO, Clayton 

Governments worldwide are expected to introduce or update regulations related to data privacy and cybersecurity, impacting how organizations handle and protect data. — Matt Swann

Regulations and future legislation will become drivers for significant change. Regulations will see national organizations consider data sovereignty seriously, multi-national organizations will launch significant change programmes to consider the impact of legislation on their data strategies, IT and security operations. — Shaun Cooney

Ransomware will be more disruptive (and information sharing needs to be more active)  

Ransomware will evolve to become killware and disrupt more lives. And in terms of its impact, it’ll be less about the money and affect more aspects of our lives. There’s more that needs to be done to enhance information sharing in general, beyond ransomware alone, and ensure that there’s more than just talk. A lot of information sharing for ransomware happens when you sit in a conference room and talk about the topic, but your department and organization will benefit so much more if the learning and testing happen in something much closer to a real-life situation. Let’s say you show up unannounced and say something like, “Hey, your system’s gone down. What do you do?” This real-time, functional type of testing mirrors actual scenarios and makes your teams that much more prepared. — Shefali Mookencherry, Chief Information Security and Privacy Officer for the University of Illinois, Chicago

Ransomware is a growing threat, with more sophisticated attacks targeting organizations of all sizes. It’ll continue evolving and becoming even more lucrative for cybercriminals. — Matt Swann

Adoption of “zero trust” will accelerate

Organizations are increasingly adopting a “zero trust” approach to security, where trust is never assumed, and strict access controls are enforced, even within a network. — Matt Swann

Organizations will accelerate adoption with a specific focus on strategy, approach and, in simplest terms,; least privilege access across all data layers. — LaLisha Hurt

Keep a top tech shop to keep top talent

“It’s going to be very competitive to retain talent in this professional landscape. Organizations need strong technology shops to attract strong talent, offer unique opportunities, and keep their people. It’s going to require more than just salary to recruit and, more importantly, retain talented professionals.”

Zack Schwartz, Chief Information and Technology Officer, Events DC

Building a diverse and ‘smart’ cyber workforce will move from mantra to action and become a big part of the overall cyber strategy going forward. The Great Resignation across cybersecurity will continue; however, organizations will rethink and implement creative recruiting, hiring, retention and training practices that will extend beyond traditional approaches in order to create a more diverse and inclusive workforce that aligns with future business and mission needs.

LaLisha Hurt

Hybrid computing will not just mean hybrid cloud, but hybrid architectures

It won’t only be about what cloud, but about what computational architecture you’ve optimized your software to execute on. As quantum computing comes more meaningfully online and GPUs get taxed for all the AI workloads, look for a new set of abstraction layers and hybrid development patterns to emerge.

Cory Minton

Debt will force organizations to reconsider their digital strategies

Start with the amount of tech debt in organizations across all sectors and industries, driven by the need to innovate and deliver fast. The tradeoff, speed over quality, has resulted in fragile and vulnerable software and systems. A growing debt, combined with increasing interest rates, have surpassed many organizations’ repayment ability, with much more to follow. The debt collector is not only knocking — they’re already inside.

Jaana Nyfjord, Field CTO & Strategic Advisor, Technology & Innovation (EMEA)

The move to the cloud will be challenged

Organizations will make hosting decisions that are more strategic and considered. Rather than assuming that all workloads will move to the cloud, organizations will likely start making decisions based on cost, speed, environmental, energy access and data movement concerns. This will be further accelerated by access to custom and purpose-built chip availability this year. Cloud workloads will continue to grow, but slower.

Shaun Cooney

But will things actually change?

I don't think things will be that different next year. I don't think there's going to be a massive change in the way cyberattacks are carried out because those conducting the cyberattacks, whether that's criminals or nation states, have a business model that’s working pretty well. So why would they change what they’re doing? There’s a lot of pressure on organizations to strengthen their cyber defense, but that’s been the case for the entire time I've been in the civil service. So I think it will remain boringly quite similar.

Dave Marshall

My prediction is that you're going to continue to see the same thing. The threats and the problems that we had 20 years ago are the same as they are today. They might be in a different order, we might call them something slightly different, but they're all the same. And they're the same because they're all based on people. People and culture don't change that much over a 20-year period. The challenges that people are raising with AI or the skill shortage are cyclical problems. We've had them all before.

Randy Herold, Chief Information Security Officer & Chief Privacy Officer, ManpowerGroup

Come back in December to read more expert predictions for 2024 and beyond.

Read more Perspectives by Splunk

SEPTEMBER 7, 2023  •  3 minute watch

How Leaders Can Ease Generative AI Growing Pains for Their Workforce

Will generative AI improve employee resilience or cause massive headaches? Splunk's Petra Jenner discusses with analysts Daniel Newman and Pat Moorhead.

OCTOBER 6, 2023  •  22 minute watch

Subtle Ransomware Tactics, More Regulation on the Horizon for Security Leaders

Today’s security leaders are facing technical challenges, including a shift to specified, “surgical” ransomware tactics. But as the CISO’s role moves into the spotlight, business-level concerns rise to the top of the priority list.

AUGUST 8, 2023  •  5 minute read

Why Shared Storytelling Is Key for a Strong Cybersecurity Community

How a single-day event inspired a group of infosec pros to write about their experiences.

Get more perspectives from security, IT and engineering leaders delivered straight to your inbox.