2024 Annual Report Web Version

Welcome to the web version of the 2024 UC Cyber Risk Program Annual Report! We've made the stories from the report available here for you to read and share with others. You can also read the report in its entirety in PDF form.

"This year, we’ve seen governance and compliance converge, with new standards and external factors shaping our tools and practices. These overlapping requirements highlight key issues we must address, especially where compliance intersects with systemwide needs. We’re focused on building a roadmap to strengthen our systemwide approach."

—Van Williams, Vice President of IT and Chief Information Officer, University of California

Welcome Letter

As we reflect on another year of progress, we’re proud to highlight how far the Cyber-risk Coordination Center (C3) group has come in making the University of California more cyber secure. Over the last decade, C3 has been dedicated to safeguarding UC’s digital landscape. To commemorate this journey, we’ve created a timeline capturing some of the most significant events that have shaped our cybersecurity efforts.

With strong executive-level support, we’ve moved beyond creating and executing cybersecurity awareness programs to making these efforts even more efficient by streamlining operations and maximizing our cybersecurity investments. Some of our ongoing initiatives—such as the IT Policy and Security (ITPS) Community, Cybersecurity Awareness Month, Cyber Security Summit, and UC Tech Academy programs—show lasting impact, helping us foster a more secure environment systemwide.

This report also features stories highlighting innovative approaches and improvements to cybersecurity. From defining a vision centered on digital risk to combating credential phishing to reducing attack surfaces, these stories showcase the evolving landscape and UC’s continued commitment to cybersecurity excellence.

—Monte Ratzlaff, Director, Cyber Risk Program and Interim Systemwide Chief Information Security Officer, Office of the President

Industry Predictions for the Future of Cybersecurity

Here are some industry cybersecurity predictions:

Through 2025, securing generative AI will drive a more than 15% incremental spend on cybersecurity resources.
By 2027, 50% of large enterprise CISOs will adopt human-centric security behavior and design practices to minimize human risk and maximize control adoption.
By 2028, enterprise spend dedicated to battling malinformation, a new threat vector, will surpass $30 billion, cannibalizing 10% of marketing and cybersecurity budgets.

Sources:

Gartner Research Predicts 2024: AI & Cybersecurity — Turning Disruption Into an Opportunity.
Gartner (2024, February 22). Gartner Identifies the Top Cybersecurity Trends for 2024 [Press release].
McCartney, Ava. (2023, December 4). Gartner’s Top Strategic Predictions for 2024 and Beyond.