5 Global Cybersecurity Trends for 2017

Here are some trends we're seeing as we head into the new year:

1. Your chance of losing money increases every day.

Sera-Brynn® is the only cyber security firm in North America partnered with a multi-billion dollar financial services company. As such, we have a unique insight into the specific risks businesses and organizations face across the international banking ecosystem. Our prognosis: the rise of sophisticated phishing and spear phishing techniques accounts for a majority of the increasing risk to your business’ bank account.

In the majority of cases of financial loss we have investigated, the initial breach was due to inattentiveness (someone did something they shouldn’t have and let the bad guys into the system). We have been fortunate enough on a few occasions, working with international law enforcement and the financial services industry, to recover some funds from overseas accounts, but this is the exception, not the norm.

These attacks are increasing, and so are the losses. And once the money leaves your account, it’s gone.

2. The rise of third-party audits by specialists.

If you are a subcontractor or a vendor to a larger company, self-attestation of meeting applicable cybersecurity safeguards may no longer be enough. We’re seeing contract language that increasingly includes the option of third-party audits. This is already prominent within the financial services industry.

A growing trend is that these audits be conducted by specialists. As an example, our firm audits large multi-national audit and accounting firms so that they can, in turn, audit their clients. In some cases, insurance policies require companies to provide a mechanism to ensure their vendors are meeting strict cybersecurity criteria. The days of Managed Service Providers (MSPs) auditing themselves are slowly coming to an end, if for no other reason than to comply with specific insurance criteria. In other cases, government or industry-mandated compliance criteria must be validated by a third party.

Don’t be surprised if your future business contracts require a third-party validation of your cybersecurity posture.

3. Cyber liability insurance is growing… fast.

Our firm works very closely with insurance carriers and international re-insurers. We also support the self-insurance industry (Captives and Risk Retention Groups). One thing they all have in common: they are focused on limiting the risk exposure of small businesses.

Small businesses are woefully unprepared for the potential losses a significant data breach can represent. And from a purely financial perspective, there is a slow but steady shift from “risk mitigation” to “risk transfer”. At a recent National Governors’ Association meeting on small business cybersecurity, we made the case that, based on our experience, small businesses are more likely to pursue insurance than technology solutions to mitigate their cybersecurity exposure.

Be forewarned, though: after almost a decade in which carriers have captured and analyzed actuarial data on small business data breaches, cyber liability policies are maturing rapidly and will increasingly require specific technology and procedural activities to be in place before coverage is issued.

4. Cybersecurity is becoming institutional.

Cybersecurity is begrudgingly becoming an accepted cost of doing business. It is no longer relegated to the IT department; we see it becoming more and more an integral part of corporate risk management. And who is responsible for risk management? The C-suite.

More importantly, this shift in perspective is forcing a more institutional approach to combating cyber risk exposure, namely through internal communications, training, and corporate culture.

The corporate “cybersecurity team” is evolving to include, at a minimum, general counsel, insurance representatives, public relations, crisis management, and third-party forensics specialists.

5. Regulatory compliance is coming like a freight train.

Meaning it has increasing momentum and is unavoidable. The enormous amount of capital lost to data breaches ($6 Trillion annually by 2021 according to Cybersecurity Ventures) in essence represents the largest illicit transfer of wealth between nation states since record keeping began. This is a big deal, and governments around the world have realized this is an issue of national security and sovereignty.

Mandatory cybersecurity compliance rules are gaining acceptance as one of the best ways to limit the loss of wealth and intellectual property across a broad range of business interests. One of the industries required to meet specific federal cybersecurity compliance criteria is US Government contractors. The United States Department of Defense last year finalized a supplement to the Defense Federal Acquisition Regulation mandating specific cybersecurity actions by December 31st of this year. The penalties for not meeting them could be severe. And this is just the beginning.

Regulatory compliance is becoming increasingly complex as it may also include transnational oversight. For example, our firm is working with legal offices in the United States and the European Union (EU) to help US-based businesses and organizations better comply with the EU General Data Protection Regulation (GDPR) – the legal and financial ramifications of non-compliance are materially substantial.

Overall, we expect to see other industry groups and business interests begin to fall under mandatory cybersecurity regulatory compliance in one fashion or another. It is inevitable.

Bob Turner

InfoSec Executive | Education CISO | Leader | Strategist | Team Builder | Board Advisor

7y

I agree that third party assessments are important. Unfortunately there are not enough third party assessment firms with a wide breadth of experience in all industry verticals to drive quality to the point of differentiation. That can result in a trend toward the niche...but who determines which firms are the best of breed within an industry vertical?

Chuck Williams MBA, PMP, CISSP, GSLC, CSSLP, MCSE, CRISC, CDPSE

Veteran & intrapreneur w/ over quarter-century of leading large-scale 1st-in-enterprise efforts for Fortune 100, NFPs, Military

7y

Items 3, 4, and 5 are all interconnected, and I see a lot of companies rushing to put these into place without fully understanding their implications. The need for professional services will grow as companies begin to realize they do not have this type of talent internally.
