At a time when digital transformation is not just an advantage but a necessity for global organizations, SHI’s guide to 2024 cybersecurity trends explores the complex landscape of AI advancements, identity management, the strategic shifts caused by vendor consolidation in the cybersecurity domain, and more. This ebook is your comprehensive guide on the key cybersecurity trends organizations should anticipate in 2024. We draw upon insights from SHI’s own subject matter experts as well as leading cybersecurity providers to shed light on the industry’s future.
Unlock expert perspectives on the future of cybersecurity.
SHI takes a holistic approach to cybersecurity
Industry-leading perspectives on cyber AI, industry consolidation, automation, and evolving regulations.
The SHI guide to
Cybersecurity solutions
Identity and access management
Future-proof your cybersecurity strategy
Ready to solve what's next for your security landscape?
Build a robust, agile security strategy that not only addresses today's challenges, but also anticipates tomorrow's threats. Within this guide, you’ll gain comprehensive insights from SHI’s six pillars of cybersecurity, including how to enhance identity and access management, leverage AI and automation for threat detection, and more. Our guide provides actionable strategies for securing your digital assets in an increasingly complex cyber environment.
Download the SHI guide to 2024 cybersecurity trends to stay ahead of the latest cyberthreats.
Download your cybersecurity trends guide now
Our security experts collaborated with colleagues from industry-leading vendors to analyze how the latest cybersecurity trends will impact global corporations and the challenges you face. Our guide empowers organizations to not only anticipate emerging threats, but also embrace disruptive technologies with confidence, ensuring your security posture is both robust and adaptable. By synthesizing global insights and forecasting pivotal shifts, this ebook enables leaders to craft forward-thinking strategies that safeguard assets, maintain customer trust, and secure your competitive edge.
Manage your end-user and digital identities with a robust framework that controls access to critical information, secures profile information, and maximizes data governance.
Threat and vulnerability management
Identify and close gaps in your security defenses with automated remediation, phishing detection, posture assessment, attack surface management, and more.
Application security
Incorporate innovative tools at front-end, cloud, and software development lifecycle (SDLC). Validate effectiveness of tools, integrations, software development, and initiatives.
Data-centric security
Our suite of programs, lab verification services, partners, and experts enable you to validate the effectiveness of tools, integrations, software development, and strategic initiatives in your environment.
Learn more
Manage the convergence of network, data center, and multi-cloud. SHI provides network analysis, identity, and cloud workload protections with solutions and platforms that align to your security maturity.
Data center and cloud security
Plan, set, and achieve security goals with expert guidance. We evaluate your current state and develop an actionable roadmap to ensure long-term security.
Program strategy and operations
2024 CYBERSECURITY TRENDS
© 2025 SHI International Corp. All Rights Reserved. This site is owned and maintained by SHI for the use of its customers.
The need to simplify and streamline
Start your infrastructure modernization journey
Our team of certified infrastructure experts makes it easy to design and deploy your next-generation infrastructure. Start the conversation today to gain access to SHI’s decades of industry knowledge and experience. Ready to build your next-generation infrastructure with SHI?
When asked to identify the greatest barrier to addressing cybersecurity challenges, the top concern was rapidly evolving and sophisticated threats (36.1% of respondents), followed by limited cybersecurity staff or expertise (20.4%) and inadequate funding (17%). Further expanding on the staffing challenge, Nick Casanova, SHI Public Sector Senior Solutions Director, states, “Not only can states and local governments not hire enough cybersecurity professionals, but they also have a very difficult time hiring contractors to fill the void. This is because managed service contracts for staff augmentation are usually done at the state level with general pay-per-hour rates that are not in line or competitive with standard cybersecurity professional salaries.”
The top challenge can be summarized as complexity.
What are your organization's top challenges with your cybersecurity technology? Please select up to 3.
Managing the growing complexity of devices, workloads, and identities
Complex solution deployment, tuning, and maintenance
Not enough automation/too many manual processes
Lack of integration with other tools
Vulnerability to 3rd party supply chain risks
Limited visibility into endpoint devices
High rate of false positives
Do not know
Other
63.9%
37.4%
32.0%
29.3%
27.2%
21.8%
8.2%
12.2%
When it comes to their organization’s cybersecurity technology, the complexity continues in the form of growing devices, workloads, and identities – with nearly two-thirds (63.9%) of survey respondents selecting this answer. The other top two results showed that 37.4% of the government leaders struggled with complex solution deployment, tuning, and maintenance, while 32% lacked enough automation or had too many manual processes. Additionally, about one-third of respondents chose lack of integration with other tools and vulnerability to third-party supply chain risks as leading challenges. The data reflects a maturing understanding of cybersecurity technology and the necessity of each function. No longer seen as an isolated IT issue, government leaders recognize how interconnected cybersecurity functions are – touching tools, people, and processes across the organization. There is a pressing need to streamline and secure the many facets involved, including threat protection, improved automation, and training.
“Organizations are looking for help to make sense of that complexity and starting to really get the fact that everything is connected to everything else – and it’s not going to go away,” said VP of CDG and Governing Institute Todd Sander. SHI Public Sector Field Solutions Engineer Steve Troxel adds, “We are now at a point where business leaders can’t say they did not know about the cybersecurity risks of their actions.”
Back
What is your organization's biggest barrier to addressing cybersecurity challenges?
Rapidly evolving and sophisticated threats
36.1%
Limited cybersecurity staffing or expertise
20.4%
Inadequate cybersecurity funding
17.0%
Outdated legacy technologies and infrastructure
12.9%
Lack of staff awareness or training
4.8%
4.1%
No barriers
Evolving threats, proliferation of devices, and too many manual processes result in an environment that is difficult to secure.
3 cybersecurity challenges
Simplify and streamline
Role of funding
Investments for today
Security program strategy
Solve what's next with SHI
Next
Explore
The increasingly complex, rapidly changing cybersecurity environment
The role of funding
Investments for today and beyond
How is your organization funding cybersecurity staff and initiatives for this upcoming fiscal year? Please select all that apply.
Given the great need for cybersecurity technology, it’s not surprising that funding plays a vital role in securing solutions and services in the public sector.
Respondents are most likely to use regular budget funding (78%) to fund cybersecurity staff and initiatives for the upcoming fiscal year. The data showed state respondents are much more likely to say they are relying on federal grants (33%) compared to counties (19%) and cities (9%).
Regular budget funding
78.2%
How will your organization's cybersecurity funding change for this upcoming fiscal year?
Utilizing free resources
23.1%
Partnering with other organizations
Federal grants
17.7%
Fees for cybersecurity services
9.5%
Additionally, funding for the upcoming fiscal year was most often reported as either a slight increase (38.8%) or the same as the last fiscal year (28.6%). With less than 7% of respondents showing a decrease in cyber funding, the data emphasizes a growing standardization of cybersecurity funding as a business need. SHI can help balance the mounting demand to address cybersecurity concerns and simultaneously maximize your budget to take these initiatives further.
Regarding budgets, many organizations are starting to ask the question: how much is enough? “They need to be really thoughtful about how much more they spend, especially now that they're rolling into the general fund approach to support cybersecurity,” said Sander. The modernization of technology is also likely to impact the conversation of how much to invest and where. “Since we are at a more mature starting point for modern IT platforms and their capabilities, they frequently account for cybersecurity needs better," according to Troxel. "This can make it easier for governments to meet cybersecurity controls today and is a great driver for application modernization. An example of this is native integration of platforms with multi-factor authentication products.” The disparity in security maturity will also impact where these funds go. “While some organizations are still trying to catch up with establishing a basic package that addresses their needs, others that invested the most up to this point are considering: at what point do you get to the place where adding another dollar to cybersecurity spending doesn't get you another dollar’s worth of improvement, protection, or benefit?” said Sander.
When asked where respondents need assistance in securing funding for cybersecurity, the following survey responses suggest nearly half of respondents are looking for support with grants. The data shows the majority needs help either identifying, securing, or managing grants.
Navigating grant funding
Many state and local government leaders want to understand which grants they qualify for and gain awareness of available grants (45.6% and 44.9% respectively). Another leading answer showed that 36.1% of respondents needed assistance with applying for grants. The theme of complexity presents itself again in the form of procurement and grant funding. “Whether the grant programs are formula-based or proposal-based, state and local agencies must put NIST standards and federal requirements in place to qualify,” said SHI Director of Growth Marketing Programs – Public Sector Robert Fass. “This is an area SHI’s grants team has been encountering the last few years, helping our customers align their plans and make sure they're complying with federal grants.” “We’re seeing grants that have very specific stipulations around cybersecurity,” agreed Troxel. “In some cases, to secure funding, you have to demonstrate that you have good cyber hygiene in the execution of that grant.” The results are also indicative of the continual need to secure cybersecurity initiatives and the monetary requirements to reach the necessary minimum level of protection.
Large increase
Slight increase
Stay the same
Slight decrease
Large decrease
38.8%
28.6%
6.1%
0.7%
However, once most organizations establish baseline capability, the question of how much is enough will become more common.
Cybersecurity funding continues to increase.
Where does your organization need the most assistance in securing funding for cybersecurity? Please select up to 5.
Understanding which grants we qualify for
Awareness of available grants
Develping a cybersecurity funding strategy
Assistance applying for grants
Determining the ROI of security solutions
Leadership support/making the case to leadership
Complying with funding requirements
None, do not need assistance
45.6%
44.9%
19.0%
15.0%
10.2%
2.0%
“Governments have not gotten to the point with their general fund revenues or general fund appropriations to implement their full cybersecurity programs,” said SHI Sr. Director of Government and Education Affairs Jeff Strane. “So, they're looking out for grant support as they need it, realizing they need to do something to fill the funding gap.” The focus on funding correlates with the earlier findings, where respondents said inadequate funding was a key barrier in addressing cybersecurity challenges. Grant funding can help state and local agencies close the gap and further their critical cybersecurity goals. However, procurement plays an integral part in not only securing funding but also moving forward with cybersecurity investments at a pace and method that mitigates risk. Troxel noted an important dynamic: “We're seeing procurement offices going back to doing RFPs [and pre-COVID processes]. But at the same time, the biggest concern of our customers is the more rapidly evolving threat landscape. I think the collective approach of procurement professionals being more focused and careful on acquiring things at a time when cyber incidents and the use of technology across lines of business is accelerating, is making it harder for government IT leaders to achieve their goals.” “Now that we’re going back to business as usual in a post-COVID world, how do we take the streamlined processes and approvals forward and still maintain some of the more rigorous, structural aspects?” Sander expanded.
Cyber never sleeps – government agencies must remain agile against threats, strategic in budget, and prepared with a future-ready strategy.
When asked about the cybersecurity programs and projects that are likely to have an increased investment in the next 12 to 18 months, the respondents weighed in on several focus areas, including application security, cloud security, cyber incident response plans, endpoint detection and response (EDR), email security, and identity and access management (IAM). Most respondents report that they've made investments in all major cybersecurity areas aside from secure access service edge (SASE). In most of the below cybersecurity areas, the highest responses indicate the agencies have made investments in these areas and are often expecting to spend even more. Per focus area, the largest amount of respondents (40.1%) made an investment in email security, while the top answers for future investments reflected plans to focus on IAM (36.7%), cloud security (34.7%), and cyber incident response plans (34.7%). Sander shared a significant takeaway: The majority of areas the agencies plan to work on in the next 12 to 18 months are not specifically technology focused but instead internally focused.
“There’s an emphasis on response plans and email, which is an individual employee focus. There's certainly a technology component, but it's more of this kind of integrated programmatic approach. And it’s people-intensive,” said Sander. “Identity and access management falls into that too.” SHI experts also predict that there will be different results in artificial intelligence and machine learning in a year. According to Troxel, “While cybersecurity regarding AI may currently be within the realm of the IT experts like CISOs, and CIOs, the rest of the management structure will grow in involvement and focus in the coming months and through 2024.”
What are the cybersecurity programs/projects that are likely to have an increased investment in the next 12-18 months?
From continual cyber threats to compliance challenges, organizations face a high-risk, highly critical cybersecurity landscape – and the ever-present theme of complexity means a well-established security program is a must.
State and local government agencies weighed in on their security program and strategy. When asked to select all cybersecurity frameworks their organizations rely on, NIST Cybersecurity Framework/NIST 800-53 came out on top at 40.1%. – a great indicator that a large group of respondents have a methodology in place to help understand, manage, and reduce their cybersecurity risk. The data shows state respondents are over twice as likely as city respondents and about 1.5 times as likely as county respondents to say they're relying on the NIST framework. Respondents also reported relying on CIS Critical Security Controls framework (26.5%), while only about 16% say they are using a Zero Trust framework. However, nearly a third (32%) selected ‘do not know’ regarding their current frameworks. SHI can help bridge the gap with our program strategy and operation solutions. We work with you by evaluating the current state of your security program against industry practices and cybersecurity frameworks with strategy and assessment workshops. We’ll develop a comprehensive security program strategy to help you manage risk, maintain compliance, and improve cyber maturity.
Does your organization rely on any cybersecurity frameworks? Please select all that apply.
NIST Cybersecurity Framework/ NIST 800-53
CIS Critical Security Controls
Zero Trust
ISO/IEC 27001
Custom framework
None
40.1%
26.5%
15.6%
8.8%
2X
State respondents are over twice as likely as city respondents and about 1.5 times as likely as county respondents to say they're relying on the NIST framework
Solve what’s next with SHI
The candid insights of state and local government leaders told us cybersecurity is growing: in its complexity to manage, in evolving threats, in proliferation of devices, in security funding needs, and in program strategy requirements. Yet, the intricate web can be simplified – think of SHI as your personal technology concierge. SHI’s security solutions can address your organization’s cybersecurity challenges with insight, expertise, and resources. From protecting your attack surface and improving security maturity to easing procurement and funding, our experts understand today’s cybersecurity environment and how to support and achieve your strategic objectives. Our seamless selection, delivery, and financing options simplify hard decisions for business leaders and IT procurement – helping you select, procure, deploy, and manage with ease. The result: end-to-end visibility, protection, and response across the enterprise.
Start your cybersecurity transformation journey
SHI aligns security experts with your strategic objectives to solve cybersecurity challenges. Contact us today to get started.
