Skip to main content

Select your location

Navigating the unknown: An integrated approach to cybersecurity in 2024

man standing at edge of water with glowing frames on the horizon

Kin + Carta’s survey of over 800 US and UK executives—2024 Leadership Priorities in Tech—revealed that 94% report tech anxiety among senior leadership in their organizations. Cybersecurity is the most common source of anxiety for leaders, and with global cyberattacks rising by 7% in Q1 2023, concerns over cybersecurity are unlikely to abate.

A comprehensive cybersecurity strategy is becoming increasingly important as businesses rely more and more on complex technology and data solutions. The sheer speed of technological change is opening the door to new and fast-evolving threats as enterprises face one of the toughest challenges to overcome—the unknown. 

A new study predicts that worldwide spending on cybersecurity will reach $335.8 billion by 2023. To keep up with their competitors and progressively more sophisticated attacks, companies must invest—but how can they ensure they are spending their money in ways that unlock real value? Companies must be aware of a changing security landscape and partner with cybersecurity experts to address the increasing number of online threats. 

Here we explore the number one source of tech anxiety, and some of the integrated security measures that leaders should be aware of in 2024.  

The number one tech anxiety: fear of the unknown

The biggest and most concerning challenge facing leaders right now is the unknown. Executives in our 2024 Leadership Priorities in Tech told us they ranked cyber security as such a significant source of anxiety because of the speed of evolution of technology and a lack of access to trusted data.  

New cyberattack techniques are constantly emerging, matching the pace of technological innovation. As software develops and changes, so do the angles for exploitation. The rise in state-sponsored cyberattacks is also contributing to cybersecurity anxiety. 

DDoS attacks, for example, also sometimes called zero-day attacks, are a serious cybersecurity challenge that can disrupt websites and online services. They work by flooding a target with traffic from multiple sources, overwhelming its servers, and causing it to crash. This can have a significant impact on a business, leading to lost revenue and productivity. Such attacks exploit vulnerabilities that are yet to be discovered or patched. 

Mitigating these unknown threats demands proactive and multi-layered security measures. Constant vigilance, continuous monitoring, and threat intelligence gathering are all essential in staying ahead of emerging risks. 

In addition to providing employees with the right tools, implementing an incident response plan, and using secure software, a business can become more secure against hidden threats by investing in strong security measures such as: 

  • Training and proficiency
  • Secure coding 
  • Layered security

Read on for a more detailed look at each one. 


What is training proficiency?

Training and proficiency are vital components of an effective cybersecurity program—empowering employees with the knowledge and skills to identify and respond to cybersecurity threats.

Establishing and maintaining a culture of security awareness within an organization is crucial. Employees need to understand their role in protecting sensitive data. Regular training sessions, workshops, and awareness campaigns can help to achieve this.

Continuous training keeps employees updated on the latest cybersecurity threats and best practices. This includes staying informed about emerging attack vectors, vulnerabilities, and security trends.

Organizations should provide employees with:

  • The right tools
  • Incident response plans
  • Security software
  • Regular testing

At a company level, we ensure our staff undertake regular security training, with each community of practice sharing skills and guidelines on the best practices for their specific discipline.

What is secure coding practice?

Secure coding practices involve developing computer software with the intent of making it immune to security exploits and threats. This requires the integration of security measures at every stage of the software development life cycle (SDLC). Developers can significantly reduce the risk of vulnerability in their software systems by adopting these practices.

Some key secure coding practices include encrypting sensitive data, validating input to prevent malicious input, and following secure coding standards. These are just a handful of the many best practices recommended by, who regularly publish updated standards and protocol. These practices are essential for providing securely written code. Secure coding practices have three key goals:

  • Protect sensitive information
  • Prevent data breaches
  • Protect the integrity and availability of software systems

To do all of these things well, it's important to stay updated with OWASP and other global guidelines for secure design and coding. Kin + Carta’s communities of practice encourage the sharing of news and good practice across our different engineering disciplines.


What is layered security?

Layered security is important for strong cybersecurity. It uses multiple layers to protect networks and systems from cyber threats. These threats include unauthorized access and malware attacks. The approach utilizes physical security, network protocols, and application-level protections.


By implementing layered security, organizations can effectively minimize the risk of security breaches and mitigate their potential impact. This defense-in-depth approach ensures that even if one layer is compromised, others can act as additional barriers, making it harder for would-be attackers to access sensitive information or critical systems.


Network security protocols monitor and control network traffic to identify and block malicious activities. Some essential components of network security include:

  • Firewalls
  • Intrusion detection and prevention systems (IDS/IPS)
  • Virtual private networks (VPNs)

These security solutions provide real-time protection against unauthorized access, network intrusions, data breaches, and data theft.


Application security measures focus on securing individual software applications and their associated data. Secure coding practices, input validation techniques, and encryption mechanisms make applications more resistant to vulnerabilities and potential exploits.


By integrating these layers of security, organizations can significantly reduce the likelihood of successful cyberattacks. Layered security provides a comprehensive approach to cybersecurity, enabling organizations to protect their assets, maintain compliance with industry regulations, and foster trust.


Our architects and tech leads follow secure-by-design. Techniques such as threat-modeling are important in preventing security vulnerabilities, and the security controls in place should always be appropriate to the level of risk involved.

The way forward

The key takeaway here is that new vulnerabilities and unknown threats are unavoidable. To continue to meet security demands, it's important to actively listen for new threats and have quick processes and fast teams in place. This includes regularly updating and patching software and infrastructure.


As the work landscape evolves and individuals become increasingly connected, it’s important for cybersecurity to be integrated into all aspects of digital transformation, rather than treating it as a separate entity.


By focusing on security as a top concern in all aspects of a project, companies can more easily recognize and deal with risks, lessen the effects of security problems, and boost their ability to bounce back from any incidents.


Want to learn more about tech anxiety and digital transformation leadership trends? Read our full Leadership Priorities in Tech report to find out how leaders are balancing priorities, building strong data foundations, and making sure they’re ready for whatever 2024 has in store.

Share this article

Show me all