That’s according to the 2014 Data Breach Industry Forecast from Experian Data Breach Resolution, which noted that several trends will shape business preparedness going forward, including the Affordable Care Act in the US and the international regulatory environment.
“Over the past year, we have handled more breaches for clients than ever before, so it was an opportune time to share our perspective with the industry,” said Michael Bruemmer, vice president at Experian Data Breach Resolution, in a statement. “Data breaches will likely happen, so it is important that organizations keep abreast of the latest cybersecurity news and trends.”
With the addition of the Healthcare Insurance Marketplace, thousands of individuals will be introduced into the healthcare system and possibly increase the vulnerability of the already-susceptible healthcare industry. When combined with new Health Insurance Portability and Accountability Act (HIPAA) data breach compliance rules that require more notification, the healthcare industry is likely to make the most breach headlines in 2014, Experian said.
Experian also said that even though a federal data breach law in the US isn’t slated for this upcoming year, state regulators are likely to ramp up efforts to engage companies on data breach responses. Along with the potential for increased fines, this engagement could provide an opportunity for more open communication and partnerships, which will help protect customers from harm.
Meanwhile, international data breach response plans will be essential as European Union regulations continue to take shape and be enforced based on where the customer lives rather than where the data is located. In response, organizations will begin looking for internationally savvy privacy attorneys to help guide them through the new regulations in foreign jurisdictions, as well as new ways to provide notification in many languages and locations.
Thanks to the increased activity, there will be a corresponding surge in cybersecurity insurance, the firm said. “Currently, only one-third of companies have purchased cyberinsurance, which means significant growth potential to providers,” the paper noted. “As the industry evolves, rapid adoption is expected within the year. In turn, companies will likely benefit from more policy options.”
Consumer awareness of say, clicking on malicious links, is having somewhat of an impact, the report found. The cost per record of a data breach is likely to continue to decline, largely due to increased awareness among organizations of how to prepare for and mitigate the damage caused by any single incident. However, security incidents and other breaches can still cause significant business disruption if not properly managed and the number of reported breaches still may rise.
“Over the past decade, we have seen an explosion of security incidents impacting millions of consumers worldwide,” Experian said. “Throughout 2013, there were many significant data breaches and this shows no sign of slowing in the upcoming year with healthcare, energy, financial services, retail and telecom industries continuing to be top targets. In fact, this past year marked the single, largest breach to date.”
And while more than half of organizations are armed with data breach preparedness plans, not everyone is prepared. “This is unfortunate because the assumption should be that a data breach is likely to happen,” the firm said. “It is imperative that companies and organizations understand the evolving data breach environment and ensure their response plans are continuously enhanced to address emerging issues.”