All signs point to 2014 being a “critical year for companies to better prepare to respond to security incident and data breaches,” warns Experian in its latest report on the future of cyber risk.
Malware and hacking attacks jumped by 20% and 31%, respectively, from 2010 to 2011, but fell by nearly 30% in both categories in 2012, reports Verizon. However, 2013 has seen its share of high-profile companies falling to subtle hacking techniques, including Adobe, which lost nearly 38 million personal and password records and Livingsocial, which lost 150,000 pieces of data.
Experian says that more than half of organizations are armed with data breach preparedness plans, but the report takes a glass-is-half-empty approach to the statistic, saying that still “not everyone is prepared.”
Here are the strategic expert’s six predicted trends for the cyber battlefield of 2014, according to its 2014 Data Breach Industry Forecast:
1) Data Breach Cost Down - But Still Impactful
As more organizations learn to identify and respond to security incidents and data breaches, the cost per record of a breach will probably continue to trend downward. Last year, according to the Ponemon Institute, the cost per record drooped from $194 to $188. The key factors for the reduction include organizations having a strong security posture with incident-response plans in place. Presumably, better prepared companies are more effective at managing consumer concerns after an incident, and in return can reduce the costs due to customer churn. Strong preparations also allow companies to be more cost efficient in engaging outside consultants in managing a breach. Furthermore, many companies will offset the cost of incident response through cyber-insurance policies.
2) Will the Cloud and Big Data = Big International Breaches?
The data breaches of tomorrow are likely to be global in nature, adding significant complexity to the data-breach response process. With the rise of cloud computing, significant quantities of sensitive data now travel across national borders in the blink of an eye. Large data centers host data from citizens all over the world. Yet, while these data flows are global, the data breach laws and cultural norms for responding to an incident are local. This makes responding properly to a large breach a significant compliance challenge… The door is open to a burgeoning opportunity for industry players to fill a strong need.
3) Healthcare Breaches: Opening the Floodgates
The healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014. The sheer size of the industry makes it vulnerable when you consider that as Americans, we will spend more than $9,210 per capita on healthcare in 2013. Add to that the Healthcare Insurance Exchanges (HIEs), which are slated to add 7 million people into the healthcare system, and it becomes clear that the industry, from local physicians to large hospital networks, provide an expanded attack surface for breaches. When combined with the soaring cost of medical-identity theft caused by data lost in a breach, the healthcare industry is facing a perfect storm that could cause significant business disruption.
4) A Surge in Adoption of Cyber Insurance
Many companies will look beyond just investing in technology to protect against attacks and toward the insurance market to manage financial ramifications of breaches. According to a recent Ponemon study, one-third of companies already have cyber insurance and the study estimates there will be a 50 percent growth in policies purchased in the next year. When combined with the expected $1.3 billion in annual premiums in 2013, the cyber-insurance industry is likely to experience boom times. While this trend should not be interpreted as companies waving the white flag at protecting against security threats, it does demonstrate the need to think beyond the traditional technology-centric “castle and moat” strategy, says the report.
5) Breach Fatigue: Rise in Consumer Fraud?
Each day there are security incidents that go unreported, but as laws are changing and awareness is growing, more and more breaches are expected to be made public. As the number of reported breaches in the media increases and the frequency of notifications that consumers receive grow, they may become apathetic towards the subject, according to the report. With an estimated one out of four Americans receiving a breach notice, it is possible consumers will get tired of hearing about breaches, leading to “data breach fatigue.” This fatigue could lead to significantly more harm by causing fewer consumers to take action to protect themselves after an incident, which could result in higher levels of fraud.
6) Beyond the Regulatory Checkbox: Partnering with Officials
Watch for state regulators and law enforcement to turn a new leaf this year, states the report. In the absence of significant action on the federal level, many state attorneys general are devoting significant attention to helping organizations better manage breaches. This includes expanded enforcement action, but also opportunities to share best practices in helping prevent incidents and protect consumers. California Attorney General Kamala Harris recently issued a report on medical identity theft urging the healthcare industry to use the federal Affordable Care Act as a window of opportunity to become more proactive in preventing medical identity theft. In Vermont, the Attorney General’s office assists small businesses that want to improve the safekeeping of their customers’ data, the report says. Likewise, local municipalities may also jump on the bandwagon.