2016 Predictions: Boardroom shuffles in the cards as cyber threats rise Tuesday 15 December 2015 PDF Print There is a lack of specialist cyber skills in boardrooms worldwide, including Britain’s, which is likely to become increasingly clear *** Expert predicts greater pressure on senior execs to boost cyber resilience *** The escalating threat from cybercrime is set to force companies into upping the skills of their boardroom executives in 2016, a global security and risk management consulting firm has predicted. "There is a lack of specialist cyber skills in boardrooms worldwide, including Britain’s, which is likely to become increasingly clear as 2016 progresses," said Ed Stroz, executive chairman of Stroz Friedberg, which specialises in cyber security, investigations, and intelligence. "Companies are under growing pressure from investors, customers and regulators seeking reassurance that cyber risks are being actively managed and that they have the capability to deal with the aftermath of an incident." Stroz believes cyber trends - from hacktivist and insider threats to implications of potential cyber legislation in 2016 - will push corporate boards into reviewing their options to ensure they are better informed and comfortable making risk management decisions. He explained: "Leading companies in high risk industries like financial services will appoint specialist, non-executive cyber directors. To further address the significance of such risks and get ahead of a potential corporate governance failure, organisations may also form dedicated cyber risk committees in the coming year,” he said. “Modelled on existing audit committees, the cyber equivalent will create a board-level focal point for cyber risk, with the support of independent advisers to help strengthen a business’ cyber resilience." According to Stroz, while cybercrime knows no boundaries, certain industry sectors are at greater risk. “Financial services, particularly banks, are highly attractive targets. UK regulatory bodies are already taking steps to move cyber resilience up the agenda, with Operation Resilient Shield the latest example of cooperation between the Bank of England and other UK and US financial authorities, to stress-test key institutions' responses to a simulated attack. As a greater understanding of the industry's preparedness emerges, we will likely see regulators push the concept of 'cyber competent' persons as a requirement for boards,” he said. Looking forward to 2016, Stroz Friedberg highlighted other areas likely to be impacted by developments in cyber security: + Cyber Insurance Premiums Skyrocket, Regulators Impose Carrier ‘Stress Tests’: Continued strong demand for cyber coverage will drive gross written premiums up in 2016, but constantly evolving threats, immature risk models, and an underdeveloped reinsurance market will also cause premiums to increase dramatically, particularly for retailers, healthcare providers, banks, and others considered high risk. Expect the uncertainty about concentration of exposure to lead regulators to impose cyber incident ‘stress testing’—modelling the impact of multiple, simultaneous incidents on cyber insurance carriers and, potentially, stopping those that fail these tests from writing new policies. + Insider Threat Looms Large: Until now, the business world’s attention has been focused squarely on external threat actors. But in 2016, insider threats – current or ex-employees with knowledge of, and access to, the corporate network – will take centre stage, forcing human resources leaders into the growing cross-functional cyber security team. Expect leading edge companies to start proactively addressing the insider threat risk by investing in technologies that identify, and in some cases prevent, insider threats before they cause material damage. + Internet of Things (IoT) Incidents Shift the Dialogue From Functionality to Security: Much like the 2014 spike in data breaches that propelled businesses to treat cyber security in earnest, 2016 will be the year of the consumer awakening. As a result of a major physical disruption—through the breach of a connected car, medical device, or weak security in a connected toy—regulators and consumers will demand action. Expect companies to spend untold amounts testing and retrofitting of IoT devices to meet hastily approved ‘privacy and security by design’ rules. + Data Processing and Storage Goes Local: The recent demise of EU-US Safe Harbour will continue to disrupt international data flows, especially when combined with huge fines for trans-border transfers, political disputes over alternatives, distrust of U.S. government surveillance and subpoena power, and expanding European nationalism. Expect this uncertainty to drive some EU companies to avoid doing business with the US altogether, while other multinationals will opt to segregate business functions geographically by building local cloud services and data centres that protect them from penalties. + Cyber Threats Influence the 2016 U.S. Election: During the U.S. elections in 2008 and 2012, threat actors targeted both presidential candidates’ websites and emails. Now that campaign websites are used to raise money, their desirability and profile as targets for hacktivists and cyber criminals alike, will increase. Expect to see U.S. primary frontrunners and eventual nominees from both parties successfully targeted, and at least one campaign undermined by a data breach. As the commercialisation of politics becomes ever more pervasive around the world, this targeting of political websites will expand globally, including to the UK. Ends Distributed by The Communications Business on behalf of Stroz Friedberg. Denise Hannestad, The Communications Business, DeniseH@thecommunicationsbusiness.com. Tel 0131 205 1500 About Ed Stroz: A former Federal Bureau of Investigation (FBI) Special Agent, Ed Stroz founded Stroz Friedberg in 2000. In addition to overseeing the growth of the firm, he serves clients by applying his expertise in electronic evidence and investigations. His work includes responding to Internet extortions, denial of service attacks, computer hacking, insider abuse, theft of trade secrets, electronic discovery matters, and by providing expert testimony. Mr. Stroz has pioneered the use of behavioural science in the investigative methodology to gain insights about the intent and state-of-mind of computer users and has co-authored a book on the threats of computer crime and abuse posed by insiders and testified numerous times in court and at depositions as an expert witness. He has supervised hundreds of forensic assignments in assisting corporate clients, trial counsel, individuals, and he has conducted security assessments for major public and private entities. While at the FBI, Ed Stroz was responsible for the formation of the FBI’s Computer Crime Squad in New York City, where he supervised investigations involving computer intrusions, denial of service attacks, illegal Internet wiretapping, fraud, and violations of intellectual property rights, including trade secrets. In addition to his work on many high-profile cases, Mr. Stroz led his squad, together with the National Security Agency (NSA) and other agencies, as participants in the 'Eligible Receiver' war game exercise. About Stroz Friedberg, LLC: Founded in 2000, Stroz Friedberg is a global leader in cyber security, investigations, and risk management services. Working at the intersection of technology, leadership, regulation, governance and behavioural science, the company is driven by a core purpose - seeking truth so clients can find assurance and answers. With twelve offices across nine U.S. cities, London, Zurich and Hong Kong, Stroz Friedberg serves Fortune 100 companies, 80% of the AmLaw 100, and the Top 20 UK law firms. Learn more at www.strozfriedberg.com This press release was distributed by ResponseSource Press Release Wire on behalf of Denise Hannestad (The Communications Business) in the following categories: Business & Finance, Manufacturing, Engineering & Energy, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.