Stroz Friedberg’s 2016 Cyber Predictions shows the top six trends that will be making an impact within the next 12 months. 2015 demonstrated how complex and fluid the cyber threat landscape is. We expect 2016 to be another challenging year for organizations to navigate a myriad of issues.

From cyber threats influencing the 2016 Elections, to IoT incidents shifting the dialogue from functionality to security, this year’s Predictions highlight cyber trends that organizations will need to pay close attention to in 2016.
CYBER THREATS INFLUENCE THE 2016 U.S. ELECTION
During the U.S. elections in 2008 and 2012, threat actors targeted both presidential candidates’ websites and emails. Now that campaign websites are used to raise money, their desirability and profile as targets for hacktivists and cyber criminals alike will increase.
Expect to see U.S. primary frontrunners and eventual nominees from both parties successfully targeted, and at least one campaign undermined by a data breach.
IOT INCIDENTS SHIFT THE DIALOGUE FROM FUNCTIONALITY TO SECURITY
Much like the 2014 spike in data breaches that propelled businesses to treat cybersecurity in earnest, 2016 will be the year of the consumer awakening. As a result of a major physical disruption—through the breach of a connected car, medical device, or weak security in a connected toy—regulators and consumers will demand action.
Expect companies to spend untold amounts testing and retrofitting IoT devices to meet hastily approved ‘privacy and security by design’ rules.
INSIDER THREAT LOOMS LARGE
Until now, the business world’s attention has been focused squarely on external threat actors. But in 2016, insider threats – current or ex-employees with knowledge of, and access to, the corporate network – will take center stage, forcing human resources leaders into the growing cross-functional cybersecurity team.
Expect leading-edge companies to start proactively addressing the Insider Threat risk by investing in technologies that identify, and in some cases prevent, insider threats before they cause material damage.
DATA PROCESSING AND STORAGE GOES LOCAL
The recent demise of EU-US Safe Harbor will continue to disrupt international data flows, especially when combined with huge fines for transborder transfers, political disputes over alternatives, distrust of U.S. government surveillance and subpoena power, and expanding European nationalism.
Expect this uncertainty to drive some companies to avoid doing business with Europe altogether, while other multi-nationals will opt to segregate business functions geographically by building local cloud services and data centers that protect them from penalties.
BOARDROOM SHUFFLE
With concern mounting over cyber risks, and a lack of specialist skills in the boardroom, firms will evaluate a number of approaches to ensuring boards are well-informed and comfortable making decisions.
Expect the appointment of specialist, non-executive Cyber Directors and the formation of dedicated cyber risk committees (similar to audit committees), with independent advisors. Regulators may also pursue the concept of “cyber competent” persons as a requirement for boards.
CYBER INSURANCE PREMIUMS SKYROCKET, REGULATORS IMPOSE CARRIER ‘STRESS TESTS’
Continued strong demand for cyber coverage will increase the insurance premiums written in 2016, but constantly evolving threats, immature risk models, and an underdeveloped reinsurance market will also cause premiums to increase dramatically, particularly for retailers, healthcare providers, banks, and others considered high risk.
Expect the uncertainty about concentration of exposure to lead regulators to impose cyber incident ‘stress testing’ (modelling the impact of multiple, simultaneous incidents on cyber insurance carriers) and potentially stop those that fail these tests from writing new policies.