Regulatory Scrutiny, Supply Chain Threats Expected to Increase
By Tom Hagy
You might think organizations have learned their lesson about data security risk and have been vigilant in taking appropriate measures to tighten up their security and response protocols. And for many companies you would be correct. But even those vigilant organizations are going to have to step up their game in 2014.
The cyber risk team at Kroll has released its Cyber Security Forecast for 2014, saying organizations will experience, among other things, fallout from leaks at the hands of insiders, increased scrutiny from the Federal Trade Commission and its counterparts at agencies in the U.S. and around the world, and continued supply chain threats.
Kroll’s Jennifer Rothstein is co-chairing this year’s NetDiligence Cyber Risk & Privacy Liability Forum set for June 11-13 in Philadelphia. Her fellow chairs are Robert Jones from AIG, Paul Miskovich with AXIS PRO, Jim Giszczak with McDonald Hopkins, and Tim Stapleton with Zurich.
Reputational, financial and legal risks will only increase, Kroll warns. Security strategies that once were reserved for the critical infrastructure of large companies will be expected for all organizations, the company predicts, saying the National Institute of Standards & Technology security framework and others like it “will become the de facto standards of best practices for all companies.”
“Whether compulsory or unstated, these standards will drive organizational decision-making with regard to cyber security. Organizations that don’t follow suit may find themselves subject to shareholder lawsuits [and] actions by regulators . . .” Kroll said.
“This trend will move the U.S. in the direction of the EU, where there is a greater recognition of privacy as a right,” said Alan Brill, senior managing director at Kroll. “As new laws evolve that reflect the NIST guidelines and look more like the EU privacy directive, some U.S. companies will find themselves ill-prepared to effectively respond to the regulations. To minimize their risk, organizations will have to get smart on these standards and make strategic business decisions that give clients and customers confidence that their information is protected.”
The data supply chain will pose continuing challenges to even the most sophisticated enterprises. “Kroll has responded to breaches where subcontractors not only failed to provide timely notice that they were breached, but also refused to cooperate with the investigation. Companies should know who they are giving their data to and how it is being protected,” said Tim Ryan, managing director and Cyber Investigations practice leader. “This requires technical, procedural, and legal reviews.”
Other predictions from Kroll:
- The malicious insider will remain a serious threat, but will become more visible.
- Corporate board audit committees will take a greater interest in cyber security risks and the organization’s plans for addressing them.
- Sophisticated tools will enable smart companies to quickly uncover data breach details and react faster.
- New standards related to breach remediation are gaining traction and will have a greater impact on corporate data breach response.
- As Cloud and BYOD adoption continues to accelerate, greater accountability will be required for implementing policies and managing technologies.