Looking back: A year of cybersecurity milestones - disrupt hackers, not businesses

Phew. At long last, as 2024 draws to a close, we reflect on one of the most dynamic years in cybersecurity to date. Our dedicated cyber team has been at the forefront, assisting hundreds of organisations responding to incidents this year. From international enforcement operations to groundbreaking legislation, the developments of 2024 will have a lasting impact on the global cybersecurity landscape.

In February 2024, a major breakthrough came with the successful disruption of the Ransomware-as-a-Service group LockBit by the UK’s National Crime Agency (NCA) and the US Federal Bureau of Investigation (FBI). This operation showcased the growing international collaboration between law enforcement agencies to tackle cybercrime syndicates. LockBit, responsible for numerous high-profile ransomware attacks, has been a significant player in the cyber threat landscape, and its disruption sent a strong message to cybercriminals worldwide.

Fast forward to October 2024, which marked two major developments in EU cybersecurity regulation. First, the Network and Information Security 2 Directive (NIS 2) reached its implementation deadline for EU member states. Although not yet implemented by all EU member states, NIS 2 has already begun transforming the regulatory landscape by expanding the scope of existing cybersecurity obligations. The NIS 2 directive applies to a broader range of essential and important entities, introduces stricter risk management requirements, and harmonises incident reporting processes across the EU. The penalties for non-compliance have been significantly increased, further emphasising the EU’s commitment to a robust cybersecurity framework.

The second major development in October was the EU Cyber Resilience Act (CRA) coming into force. This legislation addresses vulnerabilities in connected devices and software products, mandating higher security standards for manufacturers and developers. With a three-year compliance window, this Act underscores the EU’s proactive approach to securing the Internet of Things (IoT) ecosystem. Importantly, it applies to non-EU companies selling products in the EU, reflecting the extraterritorial nature of modern cybersecurity regulations.

The US also saw significant developments in 2024. The National Cybersecurity Strategy Implementation Plan, rolled out in June, has provided a roadmap for the federal government and private sector to strengthen digital defences. Key pillars include enhancing public-private partnerships, securing supply chains, and bolstering critical infrastructure protection. The US also introduced federal incentives for organisations adopting zero-trust architectures, a move aimed at pre-empting sophisticated cyberattacks.


This article was co-authored by Joshua Curzon, Trainee Solicitor.