Cybersecurity teams have not had it easy in the last 12 months. Staying on top of the latest and emerging cyber threats as 2024 unfolds will be vital to protecting their organisations’ networks, systems and data.

UK lawmakers have called on the government to take effective action to tackle cyber-attacks, which have not only become a threat to organisations worldwide, but also to national security1. Cybercrime is now part of everyday life and with attacks also becoming more widespread and more sophisticated, the challenge of defending against cyber threats is greater than ever.

Here are some of the greatest cybersecurity challenges we can expect to see in 2024 and beyond — and what organisations can do to protect themselves.

AI-Powered Attacks

This year, we can anticipate the emergence of AI-powered cyber-attacks that can autonomously identify vulnerabilities, adapt to security measures, and exploit weaknesses in real-time. These attacks will be highly disruptive, as they can evade traditional security measures and cause significant damage.

In addition, sensitive data entered into an AI-powered chatbot (unintentionally or intentionally) can result in exposure of this data to the public, threat actors, or competitors. Even more concerning, perhaps, is the ability of attackers to manipulate AI models by injecting inaccurate data. Security policies should address the challenges of using AI, prohibit its use when necessary, and include monitoring systems to identify and mitigate associated risks.

Biometrics Hacking and Deepfakes

The UK experienced a 300% rise in deepfake cases from 2022 to 20232.

Biometrics verification and authentication have become widely adopted in recent years, but despite using an individual’s unique features, they are not fool-proof. Determined hackers can still gain access to fingerprint and captured facial recognition information. Biometrics can also be ‘stolen’ by capturing an individual’s likeness using photographs, video, or audio recordings — recreating the content to trick a biometrics system.

Taking these methods even further, fraudsters can slice a recording into syllables and sounds, then use AI to create sentences from these building blocks, which can be manipulated to produce deepfake audio or video content. We predict these types of attacks will become more successful in 2024. Organisations and individuals must be vigilant and verify the authenticity of media content before accepting it as true or sharing it.

Phishing and Its Various Guises

79% of UK businesses that suffered a cyber-attack in 2023 identified phishing as the cause3.

Phishing remains a pervasive cybersecurity challenge for organisations of all sizes, whereby attackers attempt to trick individuals into disclosing sensitive information or performing unauthorised actions. These tactics include spear phishing (fraudulent personalised messages), search engine phishing (manipulating search results), business email compromise (impersonating executives) and clone phishing (replicating legitimate sources), to name a few.

The ever-growing range of phishing techniques highlights the importance of implementing strong cybersecurity measures to safeguard against constantly evolving threats. AI platforms are amplifying the threat of phishing, as attackers can use AI to craft more convincing scam messages and fake content.

Internet of Things (IoT) Exploitation

The proliferation of IoT devices has significantly expanded the attack surface for cybercriminals and many of these devices lack sufficient security. In 2024, we should be prepared for a surge in attacks wherein hackers target vulnerable devices to gain unauthorised network access or launch large-scale distributed denial-of-service (DDoS) attacks.

As IoT devices become more integrated into critical infrastructure, the risk of attacks rises along with the potential for bigger financial losses and disruption to essential services. Individual and organisations must prioritise IoT security by implementing strong authentication protocols, regularly updating firmware, and conducting thorough vulnerability assessments.

Quantum Computing

45% of organisations are already preparing for quantum computing cybersecurity risks4.

Quantum computing has gained momentum as it leverages the principles of quantum mechanics to solve problems considered impossible for traditional computers. However, quantum computers have the capability to break current encryption algorithms, rendering traditional cryptographic methods obsolete. Cybercriminals can exploit this technology to decrypt sensitive data or forge digital signatures. To counter this threat, organisations should explore quantum-resistant encryption methods and invest in post-quantum cryptography.

Supply Chain Attacks

Only 13% of businesses say they review the cyber risks posed by their immediate suppliers, and just 8% are looking at their wider supply chain5.

Cybersecurity in supply chains is still an area where organisations lack awareness, despite the rise and severity of attacks. In 2024, supply chain attacks like the 2020 SolarWinds breach6 are expected to become increasingly disruptive. These types of attacks see cyber-attackers target supply chains to reach multiple victims in one hit via software providers and hardware manufacturers. Attackers insert malicious code or hardware into products, compromising the entire supply chain, and potentially creating back doors for future cyber-attacks. Organisations must prioritise supply chain security to mitigate this risk by thoroughly vetting third-party vendors and suppliers and ensuring software is regularly updated.

Gallagher can help you prepare for and defend against today’s array of cyber threats. Find out more about Gallagher’s Cyber Defence Centre or connect with our Cyber Risk Management team

Author Information


1. Manancourt, Vincent. UK vulnerable to ‘catastrophic’ ransomware attack, MPs warn. Politico (13 Dec 2023).

2. Sumsub Research: UK Deepfake Incidents Surge 300% from 2022 to 2023 PR Newswire (28 Nov 2023).

3. Griffiths, Charles. The Latest 2024 Phishing Statistics. AAG IT (1 Feb 2024).

4. Rathnayake, Dilki.The impact of Quantum Computing on cybersecurity Tripwire (3 April 2023).

5. Cyber security breaches survey 2023. GOV.UK (19 Apr 2023).

6. Oladimeji, Saheed and Sean Michael Kerner. SolarWinds hack explained: Everything you need to know. Tech Target (3 Nov 2023).


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.

Arthur J. Gallagher Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 55 Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909.