Experian, a leading credit reporting and data services company, recently released its “2015 Second Annual Data Breach Industry Forecast” white paper, offering predictions regarding trends in data security for the coming year. The entire piece is worth reading, but the report draws six major conclusions:
Closing window for payment hacks: Experian predicts that coming changes in “chip and PIN” payment card technology will prompt hackers to exploit issues with the older cards while they still can. The company notes that businesses and customers alike should take care not to foster a “false sense of security” with these new security technologies.
More hackers targeting cloud data: Echoing predictions from a recent Forrester Research report, Experian warns businesses to expect increased efforts by data thieves to get at sensitive customer information hosted in cloud data storage solutions.
Expect more health care data breaches: As more and more personal medical information is being stored, accessed, and transmitted digitally, and as wearable medical devices become more popular, Experian’s researchers project a greater risk of that data being compromised and used for illicit purposes.
More scrutiny of business leaders: In the past, a data breach was generally considered an “IT problem,” but a tipping point has now been reached. More and more, customers, vendors, and regulators are holding company executives accountable when data breaches occur.
Biggest threats are internal: Though businesses will continue to strengthen protocols and practices to protect themselves from external threats, employee actions (both unintentional and otherwise) will still be the main cause of data breach incidents in 2015.
“Internet of Things” an emerging target: A recent study by Gartner predicted a 30-fold increase in Internet-aware “smart devices” by 2020, creating billions more possible targets for hackers. Even relatively innocuous devices such as thermostats, refrigerators, and even light switches will be potential security risks for both their owners and the networks to which they are connected. It may seem odd, but eventually many of us will have to worry about data thieves getting access to our financial information via our toasters.
One interesting phenomenon highlighted in the white paper is the curious apathy (dubbed “data breach fatigue”) exhibited by many consumers regarding the increasing danger and frequency of data security incidents. According to a separate study, “more than one-third of consumers reported they ignored data breach notification letters, taking no action to protect themselves from fraud. However, most consumers continue to believe organizations should be obligated to provide identity theft protection (63 percent) and credit monitoring services (58 percent).”
Experian recommends that the communication from companies who experience a data security issue needs to be improved to help customers understand severity of a given occurrence and the positive steps that need to be taken by customers to protect themselves.
Another important insight from the Experian report is that more and more states will be passing laws and regulations regarding notifications and other requirements following a data breach. This puts an even greater onus on businesses to know the requirements specific to the state(s) in which they do business.
Cyber Insurance Surges
The final section of the white paper reviews Experian’s predictions from the previous year. The data company’s experts called an impressive five out of six correctly last year, including this important one:
To increase their security posture, more and more companies have been adopting cyber insurance as part of their preparedness plan. According to the Ponemon Institute, the adoption rate for cyber insurance more than doubled from 10 percent to 26 percent over the past year.
According to the FBI, over 500 million financial records were hijacked by hackers over the past twelve months. Since the population of the United States is 316 million, that number isn’t promising. Joseph Demarest, who serves as assistant director of the FBI’s Cyber Division, stated it plainly: “You’re going to be hacked. Have a plan.”
If your business doesn’t currently have cyber insurance coverage, now is the time to talk to your agent to review your exposures and determine whether your business is at risk.