4 Cybersecurity Trends You'll See In 2017

During 2016, a lot happened in the realm of cybersecurity, and we witnessed a number of noteworthy events and trends:

• The two largest consumer security breaches of all time—both from one company.
• Larger investments in many organization’s cybersecurity budgets.
• An evolution in threat landscape, as evidenced by the rise in ransomware.
• Breaches motivated by information instead of profit or intellectual property, as evidenced in the DNC hack.
• Cybersecurity questions posed in the 2016 presidential debates.

Your organization’s security performance can—and should—be measured externally. Learn more in this white paper.

All of these events highlight the level to which this domain has risen—we’re in a time where cybersecurity strategy is more important than ever to consumers, businesses, and the federal government. With this in mind, we’ve highlighted four major cybersecurity trends we expect to see in the new year.

4 Cybersecurity Trends You'll See In 2017

1. There will be more breaches.

Like death and taxes, data breaches are another unfortunate certainty. And because of this certainty, we expect that a number of “subtrends” will emerge in 2017. For one, there will be more public disclosure and transparency following breaches because of increased scrutiny and less stigma. People today understand that breaches are a reality and companies can recover from them. Generally, the market is more forgiving if the breached company is both prepared and transparent from the get-go. The market realizes that data breaches are part of doing business online and that organizations need to prepare for and respond to appropriately. Similarly, you’ll see more organizations shift to prepare and respond instead of just reacting.

2. There will be increased oversight and governance around cybersecurity.

Increased oversight and governance is a consequence of the first trend—and we expect to see this trend grow in several different ways over 2017:

• Board oversight will continue to increase. Boards today want to understand and become more aware of cybersecurity, and management wants to know how to better report risk information and cybersecurity strategy in a language the board is fluent in. We’re also expecting to see the frequency of board-level reporting on risk and security increase. Some CIOs or CISOs are reporting on cybersecurity monthly to the board, which is a massive shift—and we expect to see this trend continue.
• Regulatory interest will continue to build. After the Yahoo breach, six U.S. senators called for further investigation—showing an increased interest in cybersecurity from the federal government. Additionally, in the last several years, some of the largest and most publicized breaches, including Wendy’s, OPM, T-Mobile, Lowe’s, Dairy Queen, Home Depot, and Target, were third-party incidents. The FFIEC (Federal Financial Independent Examination Council) is taking note of this risk area and is adding additional oversight for both third-party and fourth-party risk—and we can expect other federal agencies to follow suit.

3. Cybersecurity will become increasingly important for mergers and acquisitions.

We’re beginning to see increased scrutiny on both cybersecurity posture and performance during the M&A process. Again, Yahoo is another example of this. Yahoo was set to be purchased by Verizon for about $5 billion, but after details of its September 2016 disclosure of a 500-million-account breach came to light, Verizon reportedly began looking for a $1 billion discount. In December 2016, Yahoo revealed a separate attack—which happened in 2013—that resulted in the breach of over one billion accounts. Following this revelation, reports show that Verizon is looking to renegotiate the acquisition. If Verizon gets their wish, the Yahoo breach will go down as the most expensive breach of all time.

4. The cyber insurance market will continue to grow and evolve.

While cyber insurance won’t necessarily become mainstream in 2017, we do expect it to emerge as a major component to many organizations’ risk transfer strategy. We expect to see more organizations asking for larger limit policies and including insurance in their cybersecurity strategy, and the market responding in kind. Furthermore, 2017 will likely see insurers offering more proactive and improved services to their insureds. These services are mutually beneficial, providing the insureds with valuable information and reducing the insurers risk of claim.

Your New Year’s Resolution

To gear up to better handle these cybersecurity trends, part of your New Year’s resolution may include increasing your performance and improving on your cybersecurity strategy. If that’s the case, we have a little gift for you. Download this free white paper to learn how security risks can be measured externally and why that can make the difference to your security posture in 2017.