From Google’s GDPR violation to data breaches happening just hours after the new year, 2019 is off to a crazy start, especially for risk managers. In anticipation of the months ahead, LogicGate CEO Matt Kunkel predicts what GRC professionals should be prepared for in 2019.
There’s no doubt risk managers stayed busy in 2018. From the GDPR rollout in May to numerous data breaches, these events come as no surprise to industry observers. To industry pros, data breaches are no longer seen in terms of “if,” but “when.” Every year, we continue to see companies collect enormous volumes of personal data, increasing the pressure placed on risk managers. However, in 2018, companies were finally held accountable for failing to protect customer data – just ask Mark Zuckerberg.
Looking ahead, what can GRC professionals expect in 2019? Below, I discuss three issues GRC professionals should be prepared for in 2019.
An Increase in Megabreaches
In 2018, megabreaches – data breaches that lose a million records or more – became the norm. Breaches of Facebook, Google, Quora and Marriott, considered to be some of the largest ever, show that companies can expect to see this trend continue into 2019. While the importance of data backup and security is increasing, breaches and data-hacking are becoming more sophisticated. For this reason, companies will invest significantly in training and awareness. Unfortunately, for several companies, the training will be too little, too late, and megabreaches will continue to make headlines in 2019.
Executives Beware: Hackers to Attack Individuals
Beyond attacks on organizations, hackers will begin to target specific individuals. Powerful corporate executives could become easy targets for attackers seeking sensitive company information and data. However, no matter what rung they occupy on the corporate ladder, individuals should expect their businesses to devote more resources to cybersecurity training and awareness for employees. Despite these efforts, the cybersecurity skills gap will continue to grow as job descriptions continue to exceed the ability of many professionals to perform them.
As we become more connected to home gadgets powered by the internet of things, consumers must be on guard; thieves will find it easier than ever to access personal data. Attacks on vulnerable home networks and connected devices could lead to hackers stealing credit card and banking information – and even biometric information from health-monitoring devices.
GDPR Gains Traction in 2019
While the GDPR went into effect in 2018, we should expect to see companies face the consequences of noncompliance. With only 35 percent of organizations having a data breach reporting process aligned with GDPR requirements, it’s only a matter of time before a company is fined.
Companies in the United States that have an EU presence have already seen the effects of GDPR, even though it is not currently federally mandated in the United States. However, several state laws are going into effect that will play a similar role to the GDPR. In January 2020, the California Consumer Privacy Act goes into effect. Meanwhile, New York is reportedly developing comprehensive data laws of its own to pair with the NYDFS Cybersecurity Regulation. These regulations add to the challenges companies will face when ensuring compliance with global, federal and state laws.
Are You Prepared to Take on 2019?
If there’s anything we know for certain in 2019, it’s that you don’t want your company to be part of the growing list of breach victims. Take a moment this month to ensure your IT risk management plan clearly defines potential risks, estimates impacts, assesses threat levels and is sufficient to mitigate those risks and threats. These conversations are important and could spur the action you need to save valuable information and data in 2019.