As we step into the predictions season, RingCentral's team of experts offers insights into the evolving landscape of cybersecurity, the increasing importance of cyber expertise in corporate boards, the role of AI governance, the need for application rationalization, and the anticipated developments in privacy regulations for 2024.
Michael Armer, CISO, RingCentral
Security Shifts from a Cost Center to a Business Driver
As cyber threats have escalated in recent years, corporate boards and other business leaders have started to grasp the importance of cybersecurity. However, many organizations still often view security as its own domain and see security teams as separate entities operating outside the flow of business. Over the next year, we will see a shift in thinking across the industry, where business leaders begin embracing the idea of security as a business driver, and not just the cost center it’s been perceived as traditionally. IT and security teams will become increasingly enmeshed with business operations as companies embrace the concept of security as a strategic component of their business. With security so tightly intertwined in every aspect of operations, business leaders are only beginning to understand that it can no longer be treated as a separate entity. This is the year where the companies that recognize that the business of security is also business itself will be rewarded.
Corporate Boards Prioritize Cyber Experience
When the SEC’s cybersecurity disclosure rules were finalized, they removed a provision that would have required companies to disclose the cybersecurity expertise of its board members. While this requirement was not ratified in the final rules, I believe that its potential inclusion made an impact. Over the next year, corporate boards will prioritize onboarding members that combine cybersecurity experience with business acumen. From securing valuable IP to privacy and trust issues to reputation management, cybersecurity has evolved into a board-level issue. While not every board will look to include a dedicated cybersecurity expert, we will see boards collectively turning to individuals with the requisite security and risk expertise to provide much-needed oversight. Over the next year, we will see a shift in corporate boards where cybersecurity knowledge becomes a meaningful part of the balance of a board’s expertise.
A Year of AI Governance
AI adoption is taking place at a breakneck pace. Companies are under immense pressure to identify innovative ways to leverage AI and create differentiation. The reason is simple: because if they don’t, their competitors will. I don’t see the rush to implement AI slowing down any time soon, but to mitigate the risk of unchecked AI, I believe that leadership teams will start to put some controls in place around its adoption. Over the next year, AI governance will start to catch up with AI deployments as companies establish and build out institutional and legal structures around the use of artificial intelligence.
Ashu Varsney, CIO, RingCentral
Application Governance and Rationalization as a Strategic Priority
During the pandemic, we saw digital transformation initiatives accelerate. Many departments were empowered to make their own technology purchases, which led to overspending and, in hindsight, superfluous and unproductive investments. Reducing workforces now have hundreds of excess, dormant licenses and software assets are becoming more of a detriment as they go unused, costing companies millions in licensing fees. As we head into an uncertain economic climate, we can expect to see businesses consolidate and take inventory of applications across the enterprise to identify redundancies and over-subscriptions.
AI Will Revolutionize Business Communications
AI is bringing tremendous value in properly categorizing and routing incoming customer tickets and calls, automating the responses of frequently asked questions and repeated requests, and providing the right assistance to resolve the tickets faster. As AI becomes more embedded in business communications and everyday operations, future advancements will lead to more accurate and context-aware systems, making business communications more successful and more efficient.
Enablement of a Hybrid Workplace
The widespread shift to a hybrid work model has accelerated investments in digital transformation. This increased reliance on SaaS technology means increased ways in which applications can provide a conduit for unwanted parties to access corporate data and assets and potentially cause as much harm as leaving an endpoint unprotected. To secure communication, mobility and collaboration of employees and customers it will be important for organizations to ensure the quality of interactions through the implementation of a single UcaaS and CcaaS platform.
Paola Zeni, Chief Privacy Officer, RingCentral
Maintaining CISO & CPO Synergy
While security and privacy may share similar strategies, the two often operate independently, thus overcomplicating matters resulting in a competition for attention and resources. Getting security and privacy teams aligned will be a critical part of maintaining robust security postures in 2024. We hope to see Chief Privacy Officers and Chief Information Security Officers working more as a team to better leverage opportunities for synergies and a holistic approach to data protection. With increased synergy between CPOs and CISOs in 2024, organizations will be better enabled to turn privacy into a competitive advantage, instead of a source of friction.
National Privacy Regulations May Not Be Imminent, But the Time to Prepare is Now
This past year, we saw new privacy laws go into effect in California, Colorado, Connecticut, Utah, and Virginia, just to name a few. Despite no federal regulations on the horizon, we can expect to see new state-level bills as the privacy landscape continues to evolve. To address the challenges with the country’s current patchwork approach to privacy, it will be important for enterprises to evaluate their compliance standards and consider adopting consistent standards across the nation. By enforcing requirements from the most stringent state in which the business operates, organizations can better be equipped to handle new state-level bills as they arise.
AI Will Require Trusted Vendor Partnerships and Transparency
With AI in a constant state of evolution, AI compliance must become a responsibility that providers and customers share. Businesses should seek providers that are transparent when it comes to disclosing information around their AI, how it works, and what it’s used for. When transparent and trusted partnerships are formed, businesses can meet disclosure requirements and better keep pace with evolving regulations.
AI Regulations Will Be On The Horizon
Although it’s difficult to predict for certain whether AI will make it to the top of the Federal priorities in 2024, we may see AI regulations start to come in at the state-level. With the lack of national regulation, states may take matters into their own hands and roll out state-based AI rules, similar to how California deployed the CCPA in the absence of a national data privacy law. To prepare for pending regulations, companies should adopt a strong governance by bringing together AI stakeholders, adopting policies around AI use, introducing AI risk assessments into vendor due diligence processes, and adding information about AI to their terms and to customer collateral to ensure maximum transparency.