After the cost of the average data breach reached a record-breaking $4.45 million in 2023, business leaders will spend next year prioritizing their data security efforts

London, England, November 28, 2023 – Metomic, a next generation data security solution for protecting sensitive data in the new era of collaborative SaaS, today announced its top five data security predictions for next year. According to Metomic CEO Rich Vibert, with input from his team of data scientists and security engineers, 2024 will be a revolutionary year for the data security landscape as Data Security Posture Management (DSPM) technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business sectors.

According to IBM’s latest industry report on data security, the average cost of a data breach in 2023 reached a record-breaking $4.45 million—up 15% over 2020. The financial implications alone are enough to end a business, but data breaches can also have a devastating impact on brand reputations and customer perceptions about a business.

“Security leaders have their hands full. As workforces become more distributed, they’re not only protecting their networks against attacks from bad actors and cyber criminals, they must monitor their cloud-based systems to ensure employees are not unknowingly and unintentionally exposing sensitive company data,” said Rich Vibert, CEO, Metomic. “It’s a difficult balance to maintain and manage a large-scale SaaS ecosystem. On one hand, you want to make sure your employees have the technology tools they need to be as productive as possible, but you also must monitor these platforms to make sure sensitive data—things like personally identifiable information (PII), login credentials or confidential company information—are not flooding into collaborative work tools, or being stored there for too long, putting company data at risk. As companies look to create more operational efficiencies using SaaS tools, this balance will be even more critical in the coming year.”

Metomic’s Top 5 Data Security Predictions for 2024

Prediction #1: CISOs will demand better visibility over where sensitive data is being shared and stored in SaaS applications.

Effective data security starts with understanding where your sensitive data is stored. After all, you can’t protect what you can’t see. Currently, data security is primarily happening in silos, with most efforts focused on databases and warehouses. But this tactic fails to protect any data that lives in SaaS applications used across business units.

In the coming year, CISOs and security professionals will take great control of their company’s sensitive data and expand their focus beyond data warehouses to encompass all of their cloud vendors - a large part of which is their SaaS ecosystem. By implementing security solutions that enable security professionals to see exactly where data is stored and shared, as well as who has access to it, organizations will be better equipped to detect, connect, and protect sensitive data across their entire cloud estate, from one unified platform.

Prediction #2: Data security tools and DSPM solutions that seamlessly integrate with other security tools will become key components of the full security tech stack.

The security industry is already witnessing vendor consolidation across multiple sectors—a move that enables security teams to improve operational efficiency and create more holistic measurements of security performance efforts. As security leaders look for new ways to drive productivity and improve efficiencies, more attention will be given to data security tools and DSPM solutions that seamlessly integrate into their organization’s primary security platforms, including Security Information and Event Management (SIEM) systems and even ticketing managing tools like Jira.

In 2024, Data Security Posture Management (DSPM) adoption rates will climb with data security becoming a key component of the overall security strategy.

Prediction #3: DSPM tools will evolve beyond DLP, moving from individual data point detections to delivering high-impact insights that help security teams identify sophisticated, high-level risk patterns.

In the world of SaaS, there are billions of sensitive data points in motion at any given time across an organization’s technology infrastructure. The multitude of such massive datasets makes it extremely difficult for DSPM tools to protect sensitive data on a datapoint-by-datapoint level—there is simply too much noise. As the amount of data continues to grow, security teams will need DSPM solutions that allow them to prioritize security risks based on the financial implications of a potential incident and make decisions accordingly.

Over the next 12 months, DSPM tools will become more advanced to meet these needs, evolving from simply monitoring individual data points to delivering high-impact data security insights that put a spotlight on high-level risk patterns.

Prediction #4: “Human Firewalls” will gain popularity as employees play a more active role in their organization’s data security efforts.

As data monitoring becomes even more pervasive across cloud-based environments, particularly within SaaS ecosystems, it will become increasingly difficult for security teams to investigate and respond to a continuous stream of security alerts. By training the wider workforce on data security issues and red flags, security teams will be better equipped to identify external threats, as well as any internal data vulnerabilities caused by unsuspecting employees.

Next year we will see more companies utilize these “Human Firewalls'' within their overarching security strategies, empowering employees outside of the IT and security departments to identify and respond to potential threats in real-time.  

Prediction #5: Security professionals will enforce new policies to regulate how employees use generative AI platforms, while exploring ways to leverage AI within their security efforts.

Whether it’s employees using ChatGPT to write emails or AI-powered chatbots that engage directly with customers, AI feeds off data. In 2024, security professionals will establish comprehensive policies to regulate how employees use generative AI tools and create new rules to keep sensitive business data from being put into generative AI platforms.

Meanwhile, artificial intelligence will play a crucial role in enhancing DSPM capabilities, potentially enabling security tools that can help protect data from being shared with non-compliant generative AI platforms. AI-powered DSPM solutions will not only identify critical risks but also recognize and mitigate risks originating from AI systems themselves.

“The massive AI advancements we’ve seen within the security sector during the last 12 months have been astounding and there are no signs that the innovation will slow down,” said Vibert. “The security leaders who are able to stay ahead of the trends and prioritize effective data security strategies will be the ones best equipped to protect their company’s systems, while also maximizing productivity across the numerous cloud-based tools their organization uses to get work done.”

To learn more about the state of DSPMs, and how the technology works alongside Data Loss Prevention (DLP) tools, be sure to watch the ‘From DLP to DSPM: Where Are We Headed with Data Security Posture Management?’ webinar. It is an insightful conversation between Richard Vibert, Sunfire’s CISO Christopher Reed, and GitGuardian’s Developer Advocate Mackenzie Jackson that explores the multiple layers of a security tech stack, the challenges of controlling data in the cloud, and how to find the right DSPM solution for your company’s unique security needs.