2023 was a big year for cybersecurity and data privacy — and 2024 might be even bigger

In 2023, we saw a number of noteworthy developments in the world of cybersecurity and data privacy. From game-changing legislation to costly regulatory enforcement activities, a lot happened over the past year — and it’s all just a harbinger of what’s to come.

In 2023, privacy became a priority

Amidst heightened concerns surrounding data breaches and other cybersecurity threats, companies began to adopt more privacy-preserving technologies. From differential privacy to homomorphic encryption, we witnessed a better effort to proactively protect consumer data in 2023.

Additionally, many businesses began to embrace the concept of “privacy by design,” integrating data protection principles directly into their product and service development processes. These are promising trends we hope to see continue into the new year.

In 2023, we saw new legislation … and new crackdowns

Over the last year, both federal and state governments tightened the reins on data protection, forcing businesses to recalibrate their security strategies. For example, on the federal level, the SEC introduced a new requirement for public companies to disclose material cybersecurity incidents as well material information regarding their cybersecurity risk management, strategy, and governance on an annual basis. Likewise, the FTC introduced the Safeguards Rule, which requires non-banking financial institutions to develop, implement, and maintain a comprehensive cybersecurity program.

The federal government wasn’t the only one to put new laws in place, however. We also saw a major surge in new state privacy legislation, which regulators are strictly enforcing. For example, in a landmark moment back in August, retail giant Sephora received a $1.2 million fine for violating the California Consumer Protection Act. With figures like this, it’s worth mentioning that these laws don’t only apply to big corporations — they can affect businesses of all sizes. So make sure to stay in compliance, because neglecting to do so can be very costly.

In 2024, more legislation is on the way

The steady enactment of new cybersecurity and data privacy laws will almost certainly continue throughout 2024. We can expect to see more state privacy legislation, and we may also see a new law requiring companies to report data beaches in a faster manner. Both stakeholders and regulatory bodies are advocating for this in order to give those affected by a breach greater transparency to help minimize fallout.

In 2024, corporate governance will become more important

Business leaders are beginning to recognize the need for board representation with cybersecurity expertise. In 2024, whether by choice or by mandate, boards of directors will be expected to include individuals with a deep understanding of data privacy and security, reflecting a broader acknowledgment of cybersecurity as a core business concern that requires strategic oversight at the highest levels of organizational leadership.

Yes, AI is here … and it will change everything

You might be wondering how we got this far without talking about AI. Well, it’s here to stay and it will continue to increase business risk in 2024. As AI becomes more pervasive (especially generative AI), concerns regarding the responsible use of data and potential privacy infringements are more relevant than ever.

Following President Biden’s sweeping Executive Order on AI and the EU AI Act, you can expect to see even more efforts to strike a balance between leveraging the power of AI and ensuring robust data security in 2024. These will likely include continued discourse on ethical AI practices and the introduction of transparent data usage policies.

Overall, it’s safe to assume that cybersecurity and data privacy will continue to become increasingly important to businesses and organizations of all sizes as new laws, technologies, and threats emerge. If 2023 was any indicator of the direction we’re heading, it’s time to start betting on increased enforcement and oversight.