Light Dark
September 18, 2019 By Sue Poremba 3 min read
Risk Management

By 2024, the collective cost of data breaches will reach $5 trillion, according to a study by Juniper Research. The study predicted this astronomical amount will be the result of an increase in fines due, in large part, to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and any other data privacy laws that come up in the next five years.

However, we should also expect to see a 70 percent rise in cybercrime during that time period — another reason for the spike in data breach costs. The study anticipated artificial intelligence (AI) will be responsible for much of the increase, not just because more organizations will rely on AI in the future, but also because threat actors will utilize the technology to launch advanced cyberattacks.

This, of course, is all predictive — probably accurate based on the history of cyberthreats — but it also raises the question: What is the future of cybercrime? What will the threat landscape look like, not so much in five years, but in one or two? The more we know about what the future will look like, the more accurate threat analysis will be.

What Today’s Threat Landscape Can Tell Us About Tomorrow

Looking at the technology of today can guide predictions for the future. Technology that is in the earliest stages of popularity is at its safest point — the ideal time for organizations to build out predictive threat analysis.

For example, most of us remember how malware attacks used to be focused on Windows machines, leaving Apple users feeling superior because they were “safe” from cyberattacks. Then, Apple became more mainstream, and their operating systems (OSs) are no longer immune from attacks. It was the same with mobile apps and now with the internet of things (IoT). As AI becomes more mainstream, it will be both attacked and weaponized.

Where will we see cybercrime go? According to Nicole Eagan, CEO of Darktrace, we can expect to see a digital war of algorithms.

“Autonomous cyber-attacks may have a defined target — intellectual property — or persist opportunistically for monetary gain or mischief,” Eagan noted in a Forbes article. “As they sustain their presence, they will grow stronger in their insider knowledge as they build up control over data and entire networks.” And it will be nearly impossible to stop.

But AI isn’t the only threat on the horizon. As the world becomes more connected and everything is turned into a smart device, expect cybercriminals to spread malware from one device to another as they “talk” to each other. Through the IoT, threat actors will be able to gain credentials that will allow them to access and control all of the devices in one organization or household.

Cryptojacking made a lot of headlines in the past year, but cryptocurrency still isn’t mainstream enough for people to pay attention. Will that shift over the next few years? It is likely that cryptocurrencies will become more mainstream, which is why you should be thinking about how to protect from cryptojacking now.

Develop a Predictive Threat Analysis Approach

“Cybersecurity losses are a cost of doing business in the digital age,” Tim Erlin, vice president of product management and strategy with Tripwire, told SC Magazine.

But that doesn’t have to be the case if you look at the future and use some predictive analysis to see what is coming. It may require thinking outside the box and using new approaches to anticipate future cybercrime.

“Anticipatory compliance — showing that an organization is studying and responding to potential threats — should be embraced by organizations, not necessarily from the compliance lens, but from the security and privacy lens,” said Tom Garrubba, senior director and CISO at Shared Assessments, in an email statement.

There is a tendency for organizations to be reactionary; maybe it is easier to put out fires after they’ve begun. But that is also a never-ending project. You may not know exactly what’s coming, but looking at the past and understanding what’s happening in the present makes predicting threats a whole lot easier.

If you can anticipate what the future will bring, you can better prepare your organization for the worst. It may just keep you from contributing to 2024’s $5 trillion in data breach fines or from being a victim of cybercrime much sooner.

 |  |  |  |  |  |  |  |  | 
Sue Poremba

More from Risk Management
January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

January 24, 2025

How cyberattacks on grocery stores could threaten food security

4 min read - Grocery store shoppers at many chains recently ran into an unwelcome surprise: empty shelves and delayed prescriptions. In early November, Ahold Delhaize USA was the victim of a cyberattack that significantly disrupted operations at more than 2,000 stores, including Hannaford, Food Lion and Stop and Shop. Specific details of the nature of the attack have not yet been publicly released.Because the attack affected many digital systems, some stores were not able to accept credit/debit cards, while others had to shut…

January 23, 2025

Taking the fight to the enemy: Cyber persistence strategy gains momentum

4 min read - The nature of cyber warfare has evolved rapidly over the last decade, forcing the world’s governments and industries to reimagine their cybersecurity strategies. While deterrence and reactive defenses once dominated the conversation, the emergence of cyber persistence — actively hunting down threats before they materialize — has become the new frontier. This shift, spearheaded by the United States and rapidly adopted by its allies, highlights the realization that defense alone is no longer enough to secure cyberspace.The momentum behind this…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature