Experian’s 2015 Second Annual Data Breach Industry Forecast was recently released, echoing the changing perception of data breaches by both businesses and consumers. Despite obvious data breach fatigue, it is clear that the responsibility for data breaches is now being shouldered by board members and C-level executives.
Nearly half of the surveyed organizations suffered at least one security incident in the past 12 months. In response, 48% of organizations increased IT security technology investments and 73% created a data breach response plan. The survey reveals that organizations are taking more steps to protect data, but that risks too are increasing: new payment technology, cloud services, and the high value of healthcare data are some of the risks impacting organizations across a variety of industries this year.
Experian forecasts that Data Breach Trends for 2015 will include:
- The rise-and-fall of payment breaches
- More hackers will target cloud data (and weak passwords)
- Persistent and growing threat of healthcare breaches based on the high value of healthcare data
- Shifting accountability, with business leaders under increased scrutiny
- Employees remaining companies’ biggest threat
- New breach surface via the Internet of Things (IoT)
Each of these trends is discussed in full, along with a takeaway for organizations on how to prepare for each of these trends. In addition to these trends, the report looks at the quickly changing regulatory environment, impacted by a number of new and upcoming State laws. As the report indicates, 2015 will see a rise in both legal and regulatory scrutiny across all industries.
Experian echoes our own thoughts on data security, in that the focus on cybersecurity often overlooks the role that employees play in putting corporate data at risk (even if the eventual ‘breach’ is a cyberattack, employee negligence may still play a part). We agree that 2015 should be the year that organizations invest in increasing the security intelligence of employees, while also supplementing with technologies that help monitor and provide alerts if data is inadvertently put at risk.