2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train
2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train
By Phil Dunkelberger
Why is the security industry still thriving, why do we have so many claiming to be the ultimate protector of your precious data? Maybe there is a reason why malware seems to be multiplying. In January 2020, just before the pandemic I was a guest speaker at CES, I talked about how in 2019 just over 8 billion devices connected to the internet. As of the end of 2023 that number has almost doubled to 15 billion devices. That is people and things connecting and accessing data – all of which need to be authenticated and protected. This is why phishing, malware and other bad actors make the security industry so necessary and important.
So, as we lean in into 2024, it’s time to see what might be in store for this ever-evolving realm of digital defense. Spoiler alert: it’s a mixed bag of consolidation, ROI pressure, AI hype, and regulatory crackdowns. While you may be looking for the silver bullet, there is no cure for constant vigilance training and awareness of security issues.
1. Further Consolidation? Groundbreaking!
We can’t avoid it, it is almost a constant now in our industry – consolidation. It’s like a never-ending game of cybersecurity Tetris, where the bigger players gobble up the smaller ones, and we all pretend to be surprised. What’s next? Well, expect even more consolidation (remember Symantec or McAfee), especially among companies dabbling in machine learning, AI, and encryption. First quarter of 2023 alone there were 10 announced consolidations! But what started out looking like a lot of activity, overall 2023 was actually a slow year for M&A in the security industry.
You see, there are so many of them out there, all claiming to be the superheroes of security. But here’s the rub: they often have overlapping technologies, creating a cacophony of confusion for customers. So, it’s survival of the fittest, and the biggest fish in the cyber-pond will swallow up the minnows. Just remember, when your favorite cybersecurity startup disappears, it’s probably because they got gobbled up by a larger fish. Bon appétit!
2. ROI: Prove It or Move It
So when the M&A market is slow, as a company you need to focus more on proving ROI so you can garner customers – the pressure is on. Gone are the days when a snazzy logo and some jargon-filled marketing materials were enough to convince businesses to part with their precious dollars for cybersecurity solutions. In 2024, the name of the game is “Show me the money!” or more accurately, “Show me the ROI!”
It’s not enough for companies to claim they can save you from cyber-calamities; they’ll need to demonstrate real-world results. No more smoke and mirrors, folks. Cybersecurity providers will be under intense pressure to prove the effectiveness of their solutions. Fancy algorithms and buzzwords won’t cut it anymore. If they can’t show how they’re actually preventing breaches or mitigating threats, they might as well pack up their snake oil and hit the road.
There will also be the need to demonstrate ROI across more teams within your overall organization. Gone is the day that the CISO alone can make the decision. With so many projects in motion with companies and security needing to integrate into almost every application – the “Prove it and Show me” tour internally is a longer road.
3. AI and Machine Learning: Hype and Reality in a Three Sided Coin?
AI and machine learning, the darling buzzwords of the tech world. Every cybersecurity company wants you to believe that they’ve trained an army of sentient robots ready to defend your data. But hold your cyber-horses, because in 2024, the AI hype train might just run out of steam.
Sure, AI and ML have their place in cybersecurity, but they’re not the magical panaceas some claim them to be. Their effectiveness needs to be proven in real-world scenarios, not just in glossy brochures. So, while companies will continue to ride the AI wave, users should keep their skepticism shields up. After all, no algorithm can replace good old-fashioned human vigilance and common sense when it comes to staying secure.
Be forewarned – AI is a three sided coin. There absolutely is benefit in AI that both the attacker and defender need to learn how to take advantage of – but it is the one who learns best to take advantage of the “edge” – finds the margin – that will win using AI in the security world.
4. Regulatory and Privacy Demands: Brace for Impact
Now, here’s the sobering part of our prediction party – on a global and regional basis. Brace yourselves for more regulatory and privacy demands in the cybersecurity landscape worldwide. Meeting regulatory requirements is no longer a broad checkbox item, it is regionally and vertically critical that security vendors address the regulations. As if navigating the labyrinth of cybersecurity compliance wasn’t already fun enough, we can expect even more rigorous standards and potentially more severe consequences for companies that fall short.
This too is not unlike the consolidation shifts we see every so often – this is a pendulum swing that follows the pace of new technology. We see AI burst onto the scene along comes regulation, some might call it a knee-jerk reaction but when you are dealing with personal identifiable information (PII) or corporate information – intellectual property (IP) – the road is complex. We have some examples that have helped along the way like PSD2, the FIDO standard and the recent introduction of passkeys. But there is a long way to go. Just as seatbelts (or airbags) didn’t stop people from being injured in car accidents.
With cyber-threats becoming more sophisticated and data breaches making headlines, governments and regulators need to be on top of the latest new technologies.. They want to ensure that companies take data protection seriously. So, don’t be surprised if you find yourself buried in a mountain of compliance paperwork and facing hefty fines for non-compliance. It’s the price we pay for playing in the digital sandbox, folks.
The security industry in 2024 promises to be a whirlwind of further consolidation, ROI scrutiny, AI skepticism, and regulatory headaches. As businesses and individuals rely more than ever on digital platforms, the pressure on the cybersecurity industry to deliver real, measurable results is mounting. While there may be challenges ahead, it’s all in the name of keeping our digital world safe. So, stay vigilant, demand proof, and keep your cybersecurity wits about you in this brave new era of digital defense.