7 infosec trends in 2024 (& how they affect your business)


Seeking to up your organization’s information security (infosec) game in light of the heightened focus on data privacy from lawmakers, regulators, and consumers? It’s the season when we take stock of the past year’s efforts and resolve to put our best foot forward in the new year. During your year-end review, ask yourself: How confident am I in my business’s efforts to protect my customers’ information? 

To help you answer the question and navigate the evolving compliance landscape, we asked members of our internal dream team about infosec and data privacy trends they expect to see in 2024. 

Meet the Experts

Thoropass has a team of trusted and experienced experts to help you on your compliance journey. Let’s meet a few of the experts featured in this post: 

  • Sam Li, Thoropass Founder and CEO, and his Thoropass co-founders established the organization to help technology companies of all sizes and industries streamline compliance and ensure it is never a blocker to innovation.
  • Christina Bartolacci, Thoropass Senior Compliance Strategist, specializes in information security and privacy. She guides customers through building scalable and audit-proof programs that will be continuously compliant.
  • Bruce Edwards, Thoropass Senior Manager, PCI Assurance, specializes in information assurance (PCI, DSS, and SOC) and IT Compliance Program Development. He maintains a clear and up-to-date understanding of current network and security trends, best practices, and frameworks, including HITRUST, PCI DSS, and more. 

Read on for the top seven trends they predict for next year. 

Trend #1: More state-level data privacy regulations

Sam Li notes, “More US states will pass or enact privacy regulations, following the footprint of California and Virginia, but federal legislation is still afar despite some bipartisan support, given the election year and gridlocked congress.”

What or who is driving this shift toward state privacy laws? Consumers.

According to Pew Research about how American adults view data privacy, 72% want more government regulation over what businesses can do with personal customer information. 

Similarly, International Association of Privacy Professionals (IAPP) research showed nearly 68% of consumers worldwide are somewhat or very concerned about their privacy online. 

Twelve states, including CA and VA, have privacy acts, one state’s privacy bill is awaiting the governor’s signature, and eight more states have introduced bills or moved them forward into committee proceedings. Another 11 states have inactive bills ready for the state’s House floor.

With more than half the US states working toward data privacy regulations targeting consumer rights and business obligations, this is a trend your business will want to follow. Find out how your state stacks up in this data privacy movement.

Trend #2: EU AI regulation

Sam says, “EU will enact the world’s first comprehensive legal framework for AI regulation. The risk-based approach is great, but enforcement will be hard.”

Recently passed in the European Union (EU), the EU AI Act is “a legal framework governing the sale and use of artificial intelligence in the EU.” The Act encompasses all AI systems used in the EU, which means it covers global businesses making their AI systems and output available in the EU.

The AI Act categorizes AI systems based on the level of risk they pose to the health, safety, and fundamental rights of a person. Risk levels include: 

  • Unacceptable – systems with the potential for manipulation and exploitation will be banned altogether
  • High – safety components or sensitive purposes, such as biometrics or law enforcement, will be carefully governed
  • Limited – systems with limited risk for manipulation must adhere to transparency regulations
  • Minimal – systems that do not fall into the other categories 

The AI Act’s eventual implementation will likely affect how much confidence global regulators have in the integrity of AI systems.

Expert advice from Sam Li: “Get proactive in investing in compliance programs, so [you] don’t have to rush last minute.”

Trend #3: Data privacy is a priority

When looking ahead to 2024, Christina Bartolacci urges organizations to put an “emphasis on privacy in every capacity.” 

American tech research firm Gartner, Inc. predicts that by the end of 2024, modern privacy regulations will cover the personal data of 75% of the world’s population.

For consumers, the increasing desire for data privacy involves transparency. Your customers want to know how your business abides by its privacy policies and how their personal data is managed and safeguarded. 

78% of US consumers have confidence in their online privacy decisions, but 61% doubt their choices will affect how their personal information is handled. 

You can bolster your customers’ confidence in your business with better data privacy practices. The increased state-level privacy regulation efforts indicate it’s an excellent time to start developing your data privacy program in the coming year.  

To help you determine which data privacy compliance framework is best for your business, take our short quiz to learn:

  • The key differences between the most in-demand infosec compliance frameworks
  • When and why you need certain frameworks to operate in specific industries and geographies
  • Which frameworks align with your business goals 
  • How you can leverage one audit to achieve multiple reports and certifications

Expert advice from Christina Bartolacci: “Invest more time and energy on privacy and best practices around it, whether it is already forced upon via regulation, law, client, etc., or not. People care now, not just companies, as consumers start to become more savvy.” 

Trend #4: Continuous monitoring

Bruce Edwards is Thoropass’ resident PCI DSS expert. He explains, “We may see a push towards integrating continuous compliance monitoring, where businesses employ systems that continuously check for PCI DSS compliance rather than periodic audits.”

Continuous security management (CSM) lets businesses maintain ongoing compliance, even amid emerging cybersecurity threats. Composed of real-time monitoring, automated remediation, and compliance management, CSM helps businesses avoid a (dreaded) data breach, 81% of which happen despite traditional security controls.

From 2022 to 2023, the global average data breach cost USD 4.45 million, up 15% over the preceding three years. In addition to creating more compliance horror stories, 60% of the data breaches increased customer costs. IAPP research found that 80% of consumers affected by a data breach are likely to stop doing business with a company involved in a cyberattack. 

In Stanford University’s research “Psychology of Human Error,” 88% of the world’s data breaches are attributed to human error, highlighting the opportunity to leverage automation to mitigate the risk of a data breach. (See Trend #7 to learn more about better protecting your business against data breaches with AI.)  

Trend #5: Upsurge in mobile and contactless payment methods

Bruce Edwards says, “Additionally, there could be an increased emphasis on securing mobile and contactless payment methods.”

The Consumer Financial Protection Bureau projects the monetary value of digital “tap-to-pay” transactions will increase 150% by 2028. The growing demand for on-the-go payment methods, coupled with the PCI Data Security Standard (PCI DSS) v4.0 on the near horizon (PCI DSS v3.2.1 will be retired on March 31, 2024), means this trend deserves your attention in the coming year. 

Without the safeguards of a Personal Identification Number (PIN) or required signature, mobile and contactless payments increase the risk of fraud and subsequent data breach. Continuous monitoring plays a vital role in mitigating this risk. (See Trend #4.)

Streamline your PCI DSS compliance audits with a compliance solution that effortlessly captures detailed configurations from your technology stack and provides concrete evidence of compliance within your Cardholder Data Environment. 

Expert advice on PCI DSS compliance from Bruce Edwards: “Companies can prepare by investing in technology that supports continuous monitoring and training staff on the importance of data security, especially for mobile transactions. To take advantage of this trend, companies can promote their adherence to stringent PCI DSS standards as a competitive edge, showcasing their commitment to customer data security.” 

Trend #6: Global harmonization of compliance regulations

Turning to general compliance trends, Bruce suggests one trend we will see is, “The global harmonization of data protection regulations, influencing companies to adopt a more universal compliance framework.”

The infosec industry is gradually shifting toward universal compliance following the lead of GDPR, the EU AI Act, and state-level privacy regulations. But how do your specific business and customer needs fit into this converging environment? 

A first step toward finding the best compliance framework for your business is discovering the exact framework mix you’ll need to keep your customers’ data safe and secure and prevent data breaches that can cost thousands and ruin reputations. Thoropass’ Multi-Framework Quiz can help you learn to do more with less by pursuing multiple certifications and attestations at once with a single audit. 

Trend #7: Uptick in compliance automation 

When it comes to compliance processes, Bruce adds, “Compliance automation will surge, utilizing AI and machine learning to track regulatory changes and compliance status in real-time.”

In Trend #4, we touched on the practice of automating compliance efforts to secure customer information. In a growing movement, artificial intelligence (AI) is the tool of choice for compliance automation. Still, consumers express concern over AI use:

  • For consumers who have heard about AI, Pew Research reports that 70% have minimal trust that companies will use AI responsibly. 
  • In the same group, 81% feel uncomfortable with how companies use personal information collected and analyzed by AI.  
  • In IAPP research, 57% of global consumers perceive a significant threat to their privacy from the use of AI to collect and analyze their personal information, preferring a combination of computers and humans for these data tasks.   

On the business side of this debate, organizations that use AI automation in their infosec and data privacy practices save USD 1.76 million per year in data breach costs over organizations that do not use AI automation security. 

Is there a solution to satisfy the data security concerns for businesses and consumers? We like to think so.

Introducing The OrO Way

The OrO Way is the only customer-first approach to compliance and infosec audits: smart automation combined with in-house experts including an audit team, to provide an end-to-end compliance solution for our customers, all in a single platform.

Adding to The OrO Way approach, Thoropass recently released its new Risk Register feature. Thoropass COO and President Eva Pitts said, “The benefit [of Risk Register] is that customers can leverage automation and workflows to streamline their risk management process while fostering a risk-minded culture that improves decision-making and supports compliance and audit processes at the same time.”


Quick summary: How does Thoropass automate infosec? 

  1. Thoropass offers the only compliance automation and audit solution that combines technology and expert guidance.
  2. Thoropass is ready for the future of AI in cybersecurity, including predictive analytics, behavioral analysis, automated response, and adaptive learning. To learn more, view our free AI webinar with Thoropass Product Manager Leah Rang exploring the role compliance plays in an AI world and the role artificial intelligence can play within compliance.

Expert advice on general compliance from Bruce Edwards: “Organizations can stay ahead by adopting scalable compliance solutions that can quickly adapt to regulatory changes globally. They can harness this trend by using their robust compliance posture as a trust signal to customers and a market differentiator, potentially accessing broader markets that value stringent compliance practices.” 

Ready to up your infosec game in 2024?

Navigating the evolving compliance landscape can be daunting, especially when balancing consumer preferences with business resource costs. 

Now that you know the 2024 infosec and data privacy trends to watch and have heard what the experts recommend, are you ready to up your infosec game in the coming year? 

To achieve your goals of building trust and protecting your customers (and avoiding cybersecurity violation fines!), we invite you to explore how Thoropass can streamline your compliance journey. With a marriage of in-house experts and automation technology, we’ve got everyone and everything you need in one place. 
Want to learn more about how the right solution can help you protect your company and your customers? Contact us to book a demo today.
