Board Priorities 2024: Cyber preparedness & resilience
11 January 2024
Several key cyber developments took place in 2023, highlighting the need for organisations to uplift their cyber readiness and resilience this year.
We have seen a sharp reminder of the importance of geo-political risk and the cyber threat environment, with Five Eye Governments overtly re-stating the risks of State-based threat actors and the importance of growing risks to critical infrastructure, intellectual property and both personal and sensitive information. We have also seen the significant growth and advances in the use of artificial intelligence (AI).
Cyber regulators across the world are highlighting evidence of threat actors affiliated with state-based threat actors who are dedicating substantial resources and deploying increasingly sophisticated capabilities to target critical infrastructure networks.
While the cyber activity of state-aligned actors often focuses on distributed-denial-of-service attacks, website defacements and/or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact directed at critical infrastructure of western countries, specifically targeting utilities (water and electricity in particular), communications, health, financial services, food, transport and defence. The role of State-based threat actors in corporate espionage is higher on the agenda in 2024 than it has been for some years.
State-sponsored criminals, are also refining their operating models to cause maximum disruption across a growing number of high-profile attacks, including using AI. AI has the potential to dramatically change the scale of the cyber security challenges organisations face. Hostile adversaries are already using large language models or LLMs to develop increasingly sophisticated phishing emails and scams. In the future, AI could be used to conduct targeted or untargeted cyberattacks and it is likely to lead to the further proliferation of cyber capability to a wider range of actors. Generative AI also has the potential to create synthetic cyber environments which could be used for criminal purposes or fraud.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.