top of page

A look ahead at the cyber trends for 2024

According to a recent report released by the Federation of Small Businesses (FSB), 72% of SMEs have experienced cybercrime in the last two years.


And this year, cybercrime will pose an even bigger threat to organisations, with criminals developing ever-more sophisticated approaches to target the vulnerable, making the investment in cyber resilience greater still for businesses to ensure they’re protected.


Here, we look at the cyber trends for 2024 and what companies need to be aware of.

·       Increasingly sophisticated phishing attacks

With the growing accessibility of AI, such as ChatGPT, attackers are able to create more advanced and believable phishing attacks, designed to trick individuals into revealing account credentials or providing the opportunity to access networks. In order to respond to this increasing threat, organisations need to implement measures to improve awareness and to educate the workforce.


·       An increase in attacks in ransomware

Between April 2022 and March 2023, the UK was the second most attacked country in the world for ransomware according to research conducted by ransomware specialist Marcelo Rivero


And it’s not going to stop. Ransomware – a malicious software designed to block access to a computer system or data until a sum of money is paid - can cripple operations, lead to substantial financial losses, and compromise sensitive data. Unfortunately, the frequency of these attacks is increasing, which we’ll see over the course of 2024, making it more crucial than ever for SMEs and individuals to implement basic cyber security measures if they haven’t already.


·       More attacks on SMEs

Here we will potentially see criminals targeting organisations that are vulnerable rather than valuable. Larger organisations with bigger budgets can protect themselves with high-level cyber security, making them more difficult to successfully attack.


However, SMEs are less likely to have cyber security procedures in place due to lack of funding, a lack of understanding of the threat and a belief they’re too small to be targeted. Yet this just isn’t the case, with a recent figure from the insurance sector suggesting that over 90% of victims are SMEs. There are simple, cost-effective measures small companies can implement without needing a big budget, such as strong and unique passwords, 2-factor authentication and backing up all important data and of course the WCRC FREE Core Membership.    


·       More cases of Double extortion 

This is when cybercriminals maximise their financial opportunities through a two-pronged attack approach. A good example of this can be demonstrated via a cybercriminal gang called the Black Bastas’ ransomware tactics. It has been active since April 2022 and has successfully employed a double extortion strategy. As well as encrypting victims’ data, the gang has also threatened to leak sensitive data and information. It’s estimated to have received over $107 million in Bitcoin ransom payments, so it is predicted that this criminal business model will continue to become more prevalent.


Cyber security for your business, no matter what size, is critical to keeping criminals at bay, especially when their techniques are becoming ever-more sophisticated. At the WCRC we can assist you in putting the right procedures in place to ensure you’re better protected.


Here are just a few things you should consider:

Make sure staff are aware of the type of attack, and methods to identify them to help strengthen an organisation’s cyber resilience. The WCRC can provide bespoke staff awareness training tailored to the threats your company and employees might face.

Have policies and procedures in place which cover data control and access. Consider limiting the number of attachments employees send out at once and set out policies that cover data handling and password security that staff members can follow.

Create a robust incident response plan. Once an attack has occurred this is a step-by-step process in handling the incident.

If security awareness training is of interest to you, the WCRC offers bespoke sessions aimed at those with limited cyber knowledge. It’s a great opportunity for businesses to help employees grow in confidence when it comes to understanding and preventing cyber risks, how to spot any suspicious activity and to feel empowered to raise concerns.

For resources, toolkits, regular cyber news, threat updates and more, sign up for the centre’s FREE membership programme.






The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page