It’s 2019 and we’re set for another very interesting year in the world of cybersecurity.  Below are some thoughts on what 2019 will bring for your business around security and privacy.

Cybersecurity is a differentiator
Consumers and businesses have had breach fatigue for years.  In 2019, they will choose to do business with companies that make a public commitment to their data security and privacy.  Apple is providing leadership in this area.  Companies that commit to their cybersecurity program can not only provide better assurances to their customers around data protection, they can use their increased maturity to up-sell services and features around this increased capability.

Incident Response maturity must increase
Increasing regulation means that incident reporting requirements are becoming more strict.   The GDPR regulation mandates a 72-hour reporting requirement following the awareness of a breach.   It is extremely difficult and unlikely that your company will understand the details of a breach within 72 hours, which could lead to reputational damage.  This was illustrated with Facebook’s disclosure of a breach in September of 2018.  Facebook initially stated that 50 million users were affected, it then reduced that number to 29 million.  The requirement to report breaches without full knowledge of the scope and impact means that incident response programs are becoming increasingly important.

Cyber due diligence is on the rise
Proper cybersecurity is finally being recognized as a factor in M&A deals for financial institutions.  Yahoo’s breach disclosure during the Verizon acquisition, which led to a price reduction of $350 million, illustrated the importance of determining what risks might exist before a company acquires another entity.  The SEC has provided guidance around cybersecurity risks, so expect this to become a focus area if you are attempting to get funding.

Data Privacy can no longer be ignored
Regulations like the California Consumer Privacy Act and Vermont’s data broker law are just the beginning of an inevitable increase in legislative action around privacy.  Enforcement of the EU GDPR (and respective fines) will increase in 2019.