Look into my crystal ball: Five 2020 cybersecurity predictions

“Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window.” – Peter Drucker

Not only is December the time when families and friends gather to reflect on the past year, it’s a time when leaders and experts gaze into the future. Armed with reams of data and backed by the latest Artificial Intelligence and Machine Learning solutions, this is when we test the boundaries of what we know to be fact and fill in the gaps with a combination of intuition and experience. Here are five predictions for the next 12 months.

  • Data breaches. Again.

This time last year, the number of data breaches in the US dropped for the first time in more than 5 years. The question was, would the downward trend continue in 2019 or would we return to a more normal pattern of a steady increase in breaches? Now we know. There were 1,244 reported data breaches in 2018. At the end of October 2019 (the most recent available data), the number of data breaches in the US stood at 1,272 with two months to go – indicating a return to the normal pattern which means 2020 could be a record-breaking year. Again.

  • Hacking for fun & profit

In 2019 hacking was the root cause of most data breaches (~ 52%) for the first time, followed by malicious insiders and outsiders (~38%), and accidents/system failures (~10%). In 2020 hacking will claim an even bigger share of attacks that result in data loss or system takeover. Keeping up with patching and security rules will be the primary line of defense, but also the area where enterprises of all sizes struggle the most.

  • Fake websites, emails & tweets – Oh, My!

The average cost of a ransomware attack has grown by 6x in the past nine months and businesses lost $1B dollars to Business Email Compromise (BEC) in the past 12 months. Letter-perfect fake emails, social media posts, and spoofed websites will result in a lot more compromises in 2020 that will cost businesses and government agencies time, money, and reputation.

  • For every silver lining, there is a cloud (service)

Did you ever think teams would need to be reminded to lock-up their cloud assets with a password? In 2019 we saw a new category of security risk – exposed data – resulting from the failure to configure security for cloud-based databases and applications. Given the number of exposures reported in Q3 & Q4, it’s not a stretch to predict there will be a lot more potential data disasters in 2020 for lack of adequate cybersecurity.

  • Everyone Loves a BOGO

What started with the GDPR in 2018 and expanded under the CCPA in 2019, will accelerate across the US in 2020: Cybersecurity and data privacy laws converging under a single legislative and regulatory framework. Businesses will have defined cybersecurity requirements under state law along with mandatory consumer access mandates. Failing to follow both will create more financial and brand risk for companies, but compliance will offer protections.

John K. Adams is the CEO of Waratek

Related resources

Ready to scale Security with modern software development?

Work with us to accelerate your adoption of Security-as-Code to deliver application security at scale.