By Kris Lovejoy, Global Cybersecurity and Resiliency Leader at Kyndryl
By all accounts, 2024 will be the largest election year in world history, with national elections in more than 60 countries, including the highly contentious U.S. presidential race. At the same time, state-sponsored actors have been linked to numerous attempts to disrupt elections, such as AI-generated deepfake videos and widespread disinformation and misinformation campaigns. In fact, a Center for Security and Emerging Technology study found that the use of AI-manipulated media has increased threefold over the past two years. As a result, the criticality and public scrutiny of election integrity have greatly intensified. That is why it is imperative for global leaders to understand the issues surrounding election security and the measures necessary to help protect the world’s democratic processes.
Increased digital systems require increased security
As the world has moved to digital systems, exposure to cyber threats has grown exponentially. A recent survey of public- and private-sector IT decision-makers found 92% of their organizations have experienced adverse events that compromised their IT systems. Among the most alarming and growing risks is the susceptibility of critical infrastructure such as utilities and telecommunications to cyber disruption.
Digital voting systems are no exception. Elections are increasingly moving off mainframe systems and onto the cloud. While offering many benefits, the transition from mainframe systems to cloud-based platforms introduces new cybersecurity challenges to election security. Cloud-based election infrastructure exposes more potential points of failure that malicious actors could exploit. The combination of increased exposure and proliferating threats demands urgent action to address these risks.
Disinformation and misinformation grow in volume and sophistication
While securing and modernizing the technical aspects of election systems is paramount, the threats posed by disinformation and misinformation can’t be overlooked. These propaganda campaigns — often amplified through social media, generative AI and state-sponsored actors using botnets — have proven their potential to manipulate public perception and undermine trust in the electoral process. The challenge lies in not only preventing these incidents but also effectively countering the disinformation that follows.
Public-private collaboration is essential
Securing digital election systems requires a coordinated effort between the public and private sectors. To mitigate the impact of increasing cyber threats, governments around the world are implementing stringent cybersecurity regulations. These directives significantly strengthen cyber governance as the digital economy evolves.
Many emerging regulations place responsibility for cybersecurity on company leaders, their boards of directors and their major third-party services providers. For example, both the European Union (EU) and U.S. Securities and Exchange Commission (SEC) have tightened the requirements for business entities to disclose their cyber risks and incidents. These regulations potentially affect all participants in the globally interconnected digital economy.
People are still the weakest link
Even with the increasing prevalence and sophistication of cyberattacks, human error remains the largest single risk in protecting digital information. This reality underscores the critical importance of culture and mindset in protecting against cyber disruption — specifically, the need for ongoing cybersecurity awareness and training initiatives. Business leaders must ensure that their entire organization, from the C-suite to the front lines, acquires the knowledge and skills necessary to identify and mitigate cyber threats.
The cybersecurity industry also faces a critical shortage of skilled professionals: the current gap of 4 million security professionals is estimated to reach 85 million by 2030. Addressing this gap is a strategic imperative because even with the increasing use of AI to enhance cybersecurity efforts, humans remain essential to making nuanced decisions and providing ethical oversight. This is particularly true in the context of critical elections.
Collaboration is the key to the future of election security
Safeguarding elections during this unprecedented year and beyond must be a collective responsibility. Addressing the multifaceted challenges of election security will require ongoing collaboration between the public and private sectors. Government agencies must work closely with technology providers, election officials and cybersecurity experts to develop and implement robust security measures.
Despite the daunting risks, there is cause for optimism. Governments and the private sector have been managing cyber incidents for years, gaining insights and refining skills in response to each new challenge. By continuing these collaborative efforts, implementing targeted regulatory measures and focusing on strengthening the human factor, we have a clear pathway to help protect the democratic process around the world.
In recognition of Cybersecurity Awareness Month, this is the second installment of a series in October that highlights how organizations can go from risk to resilience.
¹ Statista, 2024: The Super Election Year
² World Economic Forum, The cybersecurity industry has an urgent talent shortage. Here’s how to plug the gap, 2024