There is no doubt that cyber security is of increasing concern for all businesses worldwide. With attacks on the rise and regulators stepping up their efforts, we anticipate that this trend will continue into 2020 and beyond. As we begin a new decade we reflect on trends and events in recent years to consider what they may teach us about the year ahead. What does our crystal ball tell us?
There will be no let-up in the rate of cyber-security breaches
We see no indication that cyber-security breaches will diminish. The number of breaches related to bad password management or a lack of awareness may decrease, thanks to an enhanced profile, better training for consumers and businesses' use of better technology to safeguard against them, but the threat is constantly evolving. We anticipate that there will be further significant cyber-security breaches occurring globally, potentially involving the use of AI to manipulate data and spread misinformation, which will lead to more sophisticated and effective phishing and social engineering attacks. Additionally, as the attack surface of a company continues to expand with the addition of new tools and greater use of cloud solutions, both complex and simple attacks are likely to continue to increase. The more IT and data the organisation has to manage, the greater the risk of an attack. The more established IT assets of businesses are usually well recorded and protected. Newer services, however, such as low-cost web services purchased without the knowledge of the IT department, or web platforms used to host key digital assets, may not be as well protected because they can fly under the radar. Such services can be vulnerable as organisations are generally unable to protect the unknown.
Interference of state actors will continue
With a number of key global events set to take place in 2020, from the US election and Brexit to Euro 2020 and the Tokyo Olympic Games, the blurring of state actor and gun-for-hire activities is likely to continue, as misinformation and "fake news" become key components of nation state aggression. We also expect to see a further greying of the border between war, terrorism, crime and hacktivism. As hacks become more sophisticated, it's likely we will see more and more hacks carried out with political intent and used to manipulate political agendas. As noted above, whilst AI can be used to defend against cyber-attacks and the spread of incorrect information, it is also likely to be used by nation states and political groups to attempt to influence public opinion.
Regulation and guidance are still playing catch-up and are likely to increase
Throughout 2020, we expect to see greater, and more granular, regulation and regulatory guidance being issued by governments and regulatory authorities in an attempt to stem the tide of data leaks due to insufficient knowledge and training within organisations and inadequate protection of data.
We also envisage the imposition of more regulatory fines (with the quantum no doubt set "pour encourager les autres") as authorities become more organised and able to respond to notified data breaches. In addition to this, we will see the rise of derivative claims and compensation litigation as business customers and individuals seek compensation for issues arising due to their data being compromised in a cyber-security breach. Regulation in this space has increased significantly in recent years, with GDPR and the NIS Directive coming into force against a background of existing regulation governing certain parts of cyber and data security. There are certain overlaps between the various regulations which can cause difficulty for businesses in attempting to comply. We hope that in the next year there will be some attempts to achieve a degree of balance to address the overlaps in the current regulatory environment.
Cyber insurance premiums will rise significantly
As breaches increase and new types of attack are developed, we are likely to see a significant rise in the cost of cyber insurance as insurers take stock of the likelihood of needing to pay out and the magnitude of those pay-outs. Attacks are becoming increasingly complex and customers are demanding more and more from their suppliers in terms of contractual guarantees in relation to the security of their data. As such, organisations processing data on behalf of their customers are likely to need more comprehensive cyber insurance to cover off these contractual risks. Naturally, this will come with a cost.
Our cybersecurity team has been deeply engaged in all aspects of cyber since 2010, making it one of the longest established specialist legal teams around. If you would like to know more about how we can help you to prepare for and respond to a cybersecurity incident, get in touch with Simon Shooter.