While it’s easy to foresee several current trends continuing into next year, 2020 isn’t shaping up to be just more of the same.

Among some of the most surprising developments in the new year is the high interest in adding quantum strategies to cybersecurity plans. Shareholder lawsuits are equally surprising as they gain traction against board members and thus are a rising enterprise threat.

An increase in Raspberry Pi popularity in IoT networks makes sense, but who saw that coming to the point that Raspberry Pi becomes a backbone for IoT? Conversely, VPNs look to be facing a surprising but potentially serious disruption, at least in the disaster recovery (DR) market.

Perhaps most alarming is the expectation of some experts that cyberthreats will leave bigger footprints on reality than the traditional data theft and all that implies.

BitSight’s Jake Olcott

“Despite years of warning, governments still haven’t invested in the cybersecurity of critical infrastructure, as highlighted during the March 2019 attack on the U.S. energy grid. In 2020, a Western government will be forced to quell looting and rioting when a cyberattack disrupts their electric grid,” predicts Jake Olcott, VP at security ratings company BitSight.

Even so, many attackers are going to go considerably more low-key next year.

“Zero-day vulnerabilities receive the most attention from the media, but in 2020, hackers won’t bother with these highly publicized attacks; instead, they will home in on simple strategies, like gaining access to a network through an org’s vendor or third-party or through lack of patching,” said Olcott.

“The NSA reports that it responds to intrusions from zero-day vulnerabilities very rarely — instead its time is taken up with incidents where unpatched hardware and software have been exploited.” Olcott added.

Most organizations will need a bigger budget next year to protect the ever-expanding threat surface and expand their defensive arsenal. In any case, cybersecurity is now a top critical risk for businesses of any size and the evolving issues require your full attention.

According to ISACA, CMMI and Infosecurity Group’s “State of Enterprise Risk Management 2020” study, 29% of respondents found that cybersecurity is the most critical risk category facing enterprises today and 33% believe that information/cybersecurity risk will be the most critical category of risk facing their organization in the next 18-24 months.

However, security pros should also take heart because all is not lost. Attackers wouldn’t have to work so hard to change their strategies and tactics if the security measures already in place weren’t so effective.

“As 2020 rolls up, it’s important to take a step back and understand the average internet user has never been safer. Automatic updates, embedded phishing protection and more help ensure the average user is safe to run his life online,” said Daniel Goldberg, senior security researcher at Guardicore.

“The flipside is that the check is coming due for a lot of organizations, large and small, that have failed to protect their company and customers’ data,” Goldberg added.

Click through the slideshow above to see what else the experts say 2020 has in store.