In 2018, sites including Blind (an anonymous social network), FedEx, Amazon, and FitMetrix all had their servers exposed as a result of a simple mistake: they didn’t password-protect their databases. As a result, pretty much anyone who knew where to look could access every user account in these servers. These instances of user data leaks illuminated a simple truth about the state of cybersecurity: many instances of data exposure are entirely preventable. This is what the results of a NewtonX survey with 200 cybersecurity experts revealed: while true breaches, where a hacker targets a vulnerability, certainly are occurring with increasing frequency, the bigger threat to corporate databases is simply a lack of education around basic cybersecurity.
The 200 experts that NewtonX interviewed identified different ways that enterprise cybersecurity is vulnerable, as well as trends for the coming year in terms of data protection, transparency, and cybersecurity insurance.
The Top Issues and Trends in Enterprise Cybersecurity in 2019
Cybersecurity has been a hotly debated topic for the past year in light of data scandals at Facebook, Uber, Quora, and Marriott, to name just a few. However, legislation and policy around user data and privacy protection policies has lagged behind the scandals, meaning that many companies are not properly incentivized to do due diligence on their data storage practices. As a result of these phenomena, the NewtonX cybersecurity experts identified the following issues and trends as the most important to pay attention to for 2019.
1. An increase in tech-first approaches, but no accompanying cybersecurity
Among all Fortune 500 CEOs, 71% say they are running a technology company. This view reflects the recent shift in enterprise reliance on software, data, business intelligence, and hardware — today, most large companies truly are technology organizations. However, each of these technologies come with a staggering volume of code and ability to collect data. Even benign-seeming systems can hold sensitive customer data with very little (or often absolutely zero) cybersecurity. For instance, Blind, the anonymous social network for discussing workplaces, suffered a data leak as a result of not even password-protecting one of their database servers, thus enabling anyone to access users’ account information and de-anonymize them. This is just one example of many of how tech-first companies can make glaring cybersecurity mistakes simply by not prioritizing it.
2. As a result, further increase in data leaks and exposures
Despite much-publicized data leakes, 82% of the NewtonX survey respondents expect data leaks and exposures to increase this year. Whether as a result of human error, a lack of security education, or deprioritization, data exposures will only increase. However, publicized leaks are likely to lead to companies scrambling to put cybersecurity infrastructure in place. Cautionary tales such as those above will lead to further investment in cybersecurity, and to fewer preventable mistakes.
3. Evolving legislature makes many companies vulnerable
Another phenomenon that will lead to greater investment in cybersecurity and data protection infrastructure over the coming year is new legislature. California recently passed a consumer privacy law that’s set to go into effect at the end of 2019, which will affect many of the largest tech companies in the world. In response, tech companies have banded together to lobby for federal legislature (that would conceivably be more lax) in order to overrule California’s new law. One way or another, though, companies large and small will find that GDPR was just the tip of the iceberg when it comes to data protection legislature.
4. A rise in the cybersecurity insurance market
As NewtonX wrote in 2018, over 50% of the 25 largest cities by population in the U.S. now have some form of cyber insurance. The global cybersecurity insurance market is expected to reach over $17B by 2023, up from a mere $4B in 2017. The above factors — increased breaches, accidental data leaks, and evolving legislature (and thus liability) — will all contribute to the market’s growth. However, the NewtonX survey also revealed that the high cost of cybersecurity insurance is an inhibiting factor for many companies.
Data Protection is Already a Competitive Advantage
Whether a company suffers a breach or a leak, there’s no doubt that poor cyber security affects brand image. Additionally, data vulnerabilities cost money: as we recently wrote, the cost of a data breach in the U.S. amounts to, on average, over $7M per breach — double the global average. 2017 had the highest number of reported data breaches in the past 11 years, followed closely by 2018. Those companies that have managed to weather the storm (looking at you, Apple), have reaped the benefits — and in 2019, the companies that can secure the trust of their users through robust data protection will likewise not only save money but gain a reputation for valuing user privacy.