1. There will be more breaches.
Like death and taxes, data breaches are another unfortunate certainty. And because of this certainty, we expect that a number of “subtrends” will emerge in 2017. For one, there will be more public disclosure and transparency following breaches because of increased scrutiny and less stigma. People today understand that breaches are a reality and companies can recover from them. Generally, the market is more forgiving if the breached company is both prepared and transparent from the get-go. The market realizes that data breaches are part of doing business online and that organizations need to prepare for them and respond to them appropriately. Similarly, you’ll see more organizations shift to preparing and responding instead of just reacting.
2. There will be increased oversight and governance around cybersecurity.
Increased oversight and governance is a consequence of the first trend—and we expect to see this trend grow in several different ways over 2017:
Board oversight will continue to increase. Boards today want to understand and become more aware of cybersecurity, and management wants to know how to better report risk information and cybersecurity strategy in a language the board is fluent in. We’re also expecting to see the frequency of board-level reporting on risk and security increase. Some CIOs or CISOs are reporting on cybersecurity monthly to the board, which is a massive shift—and we expect to see this trend continue.
Regulatory interest will continue to build. After the Yahoo breach, six U.S. senators called for further investigation—showing an increased interest in cybersecurity from the federal government. Additionally, in the last several years, some of the largest and most publicized breaches, including Wendy’s, OPM, T-Mobile, Lowe’s, Dairy Queen, Home Depot, and Target, were third-party incidents. The FFIEC (Federal Financial Independent Examination Council) is taking note of this risk area and is adding additional oversight for both third-party and fourth-party risk—and we can expect other federal agencies to follow suit.
3. Cybersecurity will become increasingly important for mergers and acquisitions.
We’re beginning to see increased scrutiny of both cybersecurity posture and performance during the M&A process. Yahoo is an example of this, too. Yahoo was set to be purchased by Verizon for about $5 billion, but after details of its September 2016 disclosure of a 500-million-account breach came to light, Verizon reportedly began looking for a $1 billion discount. In December 2016, Yahoo revealed a separate attack—which happened in 2013—that resulted in the breach of over one billion accounts. Following this revelation, reports show that Verizon is looking to renegotiate the acquisition. If Verizon gets its wish, the Yahoo breach will go down as the most expensive breach of all time.
4. The cyber insurance market will continue to grow and evolve.
While cyber insurance won’t necessarily become mainstream in 2017, we do expect it to emerge as a major component of many organizations’ risk transfer strategy. We expect to see more organizations asking for larger-limit policies and including insurance in their cybersecurity strategy, and the market responding in kind. Furthermore, 2017 will likely see insurers offering more proactive and improved services to their insureds. These services are mutually beneficial, providing the insureds with valuable information and reducing the insurers’ risk of claims.
YOUR NEW YEAR’S RESOLUTION
To gear up to better handle these cybersecurity trends, part of your New Year’s resolution may include increasing your performance and improving on your cybersecurity strategy. If that’s the case, we have a little gift for you. Download this free white paper to learn how security risks can be measured externally and why that can make the difference to your security posture in 2017.