CYBER: Navigating the Evolving Cybersecurity Threat Landscape

A version of this story, and associated stories, appear in the 2024 Cyber Risk Program Annual Report. Read the report in its entirety. 

As outlined in the 2024 Cyber Risk Program Annual Report, the University of California continues to strengthen its cybersecurity posture by focusing on evolving threats, advancing security AI/automation, and conducting regular incident response testing.

Looking ahead, UC leverages cybersecurity industry predictions to anticipate emerging threats and enhance its preparedness for future challenges.

Industry Predictions for the Future of Cybersecurity

Three standout industry trends from the 2024 Cyber Risk Program Annual Report include:

Through 2025, securing generative AI will drive a more than 15% incremental spend on cybersecurity resources.

UC leads AI initiatives and working groups through collaborative efforts, working groups and committees that explore AI’s role in advancing cybersecurity and education. Read more about these efforts:

UC AI Council

Presidential Working Group on AI

AI at UC

By 2027, 50% of large enterprise CISOs will adopt human-centric security behavior and design practices to minimize human risk and maximize control adoption.

Human-Risk Management (HRM) is the structured approach in how organizations secure people, addressing for most organizations what is now their greatest vulnerability—their workforce (source: The SANS Institute). UC is adopting this shift to human-risk management, which is a new approach to security awareness. Read more about it in the 2024 Cyber Risk Program Annual Report.

By 2028, enterprise spend dedicated to battling malinformation, a new threat vector, will surpass $30 billion, cannibalizing 10% of marketing and cybersecurity budgets.

Malinformation is “information that is based on truth (though it may be exaggerated or presented out of context) but is shared with the intent to attack an idea, individual, organization, group, country or other entity.” (source – Princetonlibrary.org)

Monte Ratzlaff, the University of California system’s chief information security officer (CISO), has been advancing UC’s cybersecurity posture for over 15 years.

Reflecting on the evolving digital landscape, Ratzlaff remarked, “As we navigate an increasingly complex digital landscape, our commitment to robust cybersecurity practices remains steadfast. And while cybersecurity remains a cornerstone of our digital strategy, our focus has broadened to encompass the full spectrum of digital risk, including data privacy, third-party risk and emerging technologies like generative AI.” Ratzlaff continues, “Simultaneously, we’re proactively addressing emerging challenges such as securing generative AI technologies and combating malinformation, ensuring that our defenses evolve in tandem with the threats we face.”

Cybersecurity Risks

Recent data highlights an escalation in cybersecurity threats, with notable increases in attack frequency, sophistication and financial impact. The following statistics underscore the urgent need for enhanced digital defenses.

Benefits at a Glance

Beyond mitigating threats, organizations that invest in strong cybersecurity measures reap significant benefits, including faster identification of and resolution to breaches, and decreased costs. The following data points illustrate how proactive security strategies contribute to overall organizational success.

Changes from 2023 to 2024

The following graphic illustrates key cybersecurity metrics, highlighting shifts in threat patterns and organizational responses from 2023 to 2024.

Learn More About UC Cybersecurity

Please note: The Cyber-risk Coordination Center (C3) is now UC Digital Risk and Security. This change reflects the focus on providing valued digital risk services and expertise to UC Locations and managing risk across the UC system.

2025 UC Cybersecurity Summit – August 19 and 20, 2025: Mark your calendars! The 16th UC Cybersecurity Summit will take place virtually on August 19 and 20, 2025. Keep an eye on the Cybersecurity Summit website for more information.