Survey Reveals Information Security Predictions for 2016

“Cybersecurity Misconduct Expected to Result in Increased Penalties for Employees”

Survey Reveals Information Security Predictions for 2016    

HERNDON, VA–January 12, 2016— The focus on insider threats will increase and corporations will begin to penalize employees who misinterpret security policies and procedures, according to a new survey of corporate information security practitioners. The survey titled, Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices, was conducted by Ari Kaplan Advisors and published by global security intelligence and information management technology company Nuix.

Insider Threat Programs and Policies Will Become Enforceable by Courts
Based on the findings, Nuix predicts that corporations without an insider threat program or policy in place, approximately 33% of respondents, may be legally forced to implement one.

“If you have not made insider threat protection a priority, the court will force you to do so,” said Keith Lowry, Nuix’s Senior Vice President of Business Threat Intelligence and Analysis. Lowry explained that victims of data breaches are increasingly trying to prove negligence or failure to meet an acceptable standard of care on the part of a data custodian. “The Federal Trade Commission also has the authority to enforce cybersecurity regulations, which further complicates the environment,” he said.

Corporations Will Penalize Employees Who Misinterpret Security Policies
The majority of survey respondents, a resounding 93% of those surveyed, said people were the biggest weakness in information security, ahead of technology and processes.

“There’s a recognition now that everyone is responsible for cybersecurity, not just those working in IT,” said one respondent.

For this reason, Nuix predicts that corporations will begin to penalize employees who “misunderstand, misinterpret, or miscalculate longstanding security policies and procedures.”

Cybersecurity Will Continue to Be an Enterprise-wide Concern
The report found that in 2015, most organizations ranked information security as one of the highest corporate priorities along with profitability, governance, and staffing. Reflective of this, 96% said that they shared and collaborated with other information security executives, an increase of four percentage points over the 2014 numbers.

“Security leaders now have a much more influential seat at the table,” said Ari Kaplan, the report’s author and principal researcher. “They’re connecting with almost everyone within an organization.”

Nuix predicts that the profile of the security teams and their leaders is likely to rise. “The influence of the Chief Information Security Officer will grow throughout the C-suite, similar to how the general counsel’s weight has risen over the years,” said Kaplan.

Technology Will Evolve Rapidly
Finally, Nuix also predicts that new forms of technology will help companies build stronger protocols and encourage greater employee awareness.

This is based on report findings and Kaplan’s comments stating “Technology is changing even more rapidly than ever; the solution providers are smart enough to know that just as hackers are constantly upping their game, the technology must advance as well.”

The report Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices was written by Ari Kaplan Advisors and sponsored by Nuix. It involved in-depth interviews of 28 corporate security officials and two experts with experience across thousands of security breach investigations. Download the Defending Data 2015 Report here.