The EMV liability shift went into effect, 62% of companies reported experiencing payments fraud and nearly 120 million records were exposed in healthcare related data breaches. The year is drawing to a close and many of the predictions Experian Data Breach Resolution made for 2015 came to fruition. As the data breach landscape continues to evolve, companies will be weighing their priorities carefully as they manage budgets and revise data breach response plans for the coming year.
Having handled more than 3,000 data breaches in 2015, our team at Experian offers a look ahead to what could happen in our Third Annual Data Breach Industry Forecast report. Here are some highlights:
Consumers and companies: Collateral damage in cyber conflicts between countries
Cyber security and data breach threats are no longer originating solely with criminal individuals or groups. As countries escalate their conflicts and espionage into the digital world, it’s likely more incidents will aim at stealing corporate and government secrets, or disrupting military operations. Millions of innocent individuals could become collateral damage, suffering the exposure of their information, and businesses may have their IP stolen.
The return of ‘hacktivism’
The resurgence of hacktivism — cyberattacks by groups or individuals looking to advance their cause — began in 2015 with the hacking of the Ashley Madison website and the Ku Klux Klan, and it’s likely to continue to escalate in 2016. Stealing data can now achieve more than just financial gain for hackers; they can use information to blackmail or extort a company. Companies will need to adjust their data breach response plans to address this emerging threat. They should also be aware of how such incidents turn consumers into pawns in the hacktivist’s game, and consider how they will help take care of victimized customers.
Presidential candidates turned targets
The 2016 U.S. presidential election will almost certainly be a dominant news story for much of the year, and it’s likely hackers will target one or more of the candidates, their campaigns or their major donors. Big data analytics drive modern campaigns, making the potential for a politically motivated attack a significant threat. The presidential arena is an attractive platform for fame-hungry criminals or motivated detractors.
EMV, Chip-and-PIN won’t halt payment breaches
The EMV liability shift occurred in October, absolving consumers of liability in many instances of card-payment fraud. Wider use of EMV-enabled credit and debit cards may decrease payment fraud incidents, but it will not halt payment breaches altogether — in large part because it will take more time for the majority of businesses to become equipped with Chip-enabled technology.
Healthcare and employee negligence will make headlines
By far the greatest number of compromised records — and the most intense media attention — stemmed from the healthcare industry in 2015. Healthcare was a favored target of cybercriminals last year and that is unlikely to change in 2016. However, equally deserving of attention and vigilance will be smaller incidents resulting from employee negligence. While under-reported, such incidents compromise millions of records every year, and are often due to employees mishandling, misplacing or losing paper records and physical backup of information.
Each data breach is unique, with a wide variety of circumstances that your data breach response plan must account for. Companies that take a “one-size-fits-all” approach to data breach response planning will be making a potentially costly mistake.
The full whitepaper, Third Annual Data Breach Industry Forecast, is available for free download.