We recently published the Top Recommendations For Your Security Program, 2024, report for CISOs and other senior cybersecurity and technology leaders. The theme for our annual recommendations report this year centers around the importance of anticipating and leading change.

In 2024, our recommendations fall into three major themes for security leaders:

    1. Changing tech
    2. Changing threats
    3. Changing consequences

Changing Tech

The introduction of new tech brings with it increased risk to the organization and will require leaders to adapt — quickly. The emergence of generative AI (genAI), for example, will be a game-changer for your security team, but its implementation won’t be without challenges. GenAI promises real utility in a variety of use cases, such as content creation, behavior prediction, and knowledge articulation. It will invariably become a core component of the future analyst experience, but it’s not quite there yet.

Outside the security team, your organization’s use of large language models (LLMs) poses increased risk of data and IP loss, as well as privacy violations. Get ahead by understanding your organization’s LLM use cases, tracking products that embed genAI, applying the appropriate controls, and updating your data security policies to include genAI.

Changing Threats

Our recent report, Lessons Learned From The World’s Biggest Data Breaches And Privacy Abuses, 2023, found that attackers stole 1.5 billion customer or citizen records in 2023. Attackers will continue to evolve to further plague security teams in 2024. One trend we identify in the report is the emerging risk posed by AI-generated deepfakes, which are now able to circumvent biometric authentication systems. Security leaders can proactively combat this threat by obtaining realistic accuracy and tuning information from vendors, implementing multiple defense layers that leverage AI, and enforcing employee and business partner training.

Changing Consequences

CISOs are no strangers to being scapegoated, but the recent SEC action against SolarWinds and its CISO turned the concept from an unpleasant career outcome to a real threat of legal consequences. Security leaders now bear personal risk and potential liability for their actions and the actions of their company. The stakes for accurately assessing and communicating security posture have never been higher.

Security leaders must walk a fine line between vocalizing program gaps and maintaining enough influence to obtain sufficient budget and change management support from peers. To do this, CISOs need to position security as a profit center that’s critical to business growth by drawing clear links between security investment and customer, cyber insurance, and regulatory requirements.

Top Recommendations: Behind The Scenes

Our annual recommendations for CISOs come from several sources, including:

  • Engaging with clients. We include insights gleaned from inquiries, advisory, and guidance sessions with senior security, risk, and privacy leaders, as well as inquiries and advisory sessions with cybersecurity, risk, and privacy vendors.
  • Staying up to date on vendor activity. We take briefings from cybersecurity, risk, and privacy vendors to stay abreast of what the cybersecurity vendor community is doing.
  • Gaining detailed insights into competitive dynamics and markets. We conduct evaluative research such as vendor landscapes and Forrester Wave™ evaluations. These projects include questionnaires, demonstrations, client reference surveys, and client reference interviews.
  • Analyzing an enormous amount of data from decision-makers. Forrester runs three different surveys covering security, risk, and privacy, with over 7,500 respondents in total.

Read The Research

For more on these recommendations, check the research out here: Top Recommendations For Your Security Program, 2024.

Engage With Us

Forrester clients can also attend a webinar on Wednesday, April 24, in which we’ll dig into highlights from this report. You can also schedule an inquiry or guidance session to discuss the findings and how they apply to your organization.