New forecasts for the ten biggest cybersecurity threats for 2030

Cyber security is a dynamic and evolving field. It is not just IT security managers who have to constantly adapt to protect their organisations from emerging threats. Security analyses can also change.

The European Network and Information Security Agency (ENISA) has therefore published an update 2024 for the report “Foresight Cybersecurity Threats for 2030”. As there have been significant developments over the past two years, the study has now been updated. The new analyses are based on the findings and assessments of 33 experts from industry, academia, and government authorities, which were collected in surveys and workshops.

Top 3 cybersecurity threats for 2030

The “supply chain threat from software dependencies” remains at the top of the list, although the assessment of its impact and likelihood of occurrence has decreased slightly. This continues to be driven by the increasing integration of third parties and partners into the supply chain, creating new vulnerabilities and opportunities for attack.

The threat of skills shortages has moved up significantly and is now the second most important cybersecurity threat for 2030. ENISA is concerned about the willingness and ability of companies to develop a competent workforce and close the cybersecurity skills gap.

The threat of ‘human error and exploited legacy systems in cyber-physical environments’ remains in third place. This is particularly relevant to OT and IoT systems within an organisation.

Rising cybersecurity threats for 2030

The reassessment of threats and likelihood of occurrence has resulted in two new entries in the top 10 list. “Exploitation of unpatched and outdated systems within cross-sector partners and ecosystems” now ranks 4th among the top cybersecurity threats in 2030. It was ranked 15th in the original 2022 study.

The second new entry completes the ENISA Top 10 in 10th place: The threat “Physical impact of natural and environmental disruptions on critical digital infrastructures”, which assesses the potential dangers of natural and environmental disruptions to important and essential infrastructures.

“Lack of analysis and control of space-based infrastructure and objects” slipped to 11th place and “Targeted attacks (e.g. ransomware) amplified by data from smart devices” to 12th place.

Overall, the ENISA study continues to identify 21 relevant threats and the results are still worrying. The changes in the forecasts for 2030 mainly reflect an increased awareness of the vulnerabilities associated with outdated systems and the potential growing physical impact of digital infrastructure on our lives.

The forecasts also show that AI-related threats are becoming increasingly likely. Accordingly, one of the four new threats proposed by the experts was “overreliance on algorithms”.

This might also interest you:

Threat Modelling: Guidelines for creating practical threat models

Supply Chain Security: Strategies and Good Practices

Use OSINT tools for cyber security

Sources:

Original study from 2022: https://www.enisa.europa.eu/publications/foresight-2030-threats
Update of the study from 2024: https://www.enisa.europa.eu/publications/foresight-cybersecurity-threats-for-2030-update-2024-extended-report
Executive Summary: https://www.enisa.europa.eu/publications/foresight-cybersecurity-threats-for-2030-update-2024-executive-summary