Security Risk Management

2015 Information Security Predictions Round-up

Nick Gagalis | December 30, 2014

It's the time of year that every media outlet talks about predictions and resolutions. We've compiled a list of the most interesting and/or relevant information security predictions for 2015 and added a few of our own, courtesy of BitSight CTO & Co-Founder Stephen Boyer.

Information Security Practices

  • Increasing the effectiveness and reliability of information security products will be an important part of 2015. Companies in all industries can benefit from, and will use, better tools to understand their risk posture. (from Rapid7)
  • Security budgets will grow noticeably in industries outside of finance and defense. The increased spending will inflate expectations of information security from the Board, customers, governments and other parties. (from CSO Online)
  • More companies will notice that their networks have been breached, whether it is from their own effort or that of another party (an information security company, a government agency or someone else). However, they may not handle the attack well. There could be many PR consequences. (from CSO Online)
  • Companies are quickly learning the value of sharing information about cyber security. In the coming year, more organizations will be designed to help businesses share information, and more tools will fuel their actions. (from InfoWorld)


Types of Cyber Attacks

Ransomware

  • Ransomware will be used to target Healthcare companies because of the sensitive data they hold, and the potential payoff for it on the black market. The impact of such breaches could cost lives if the data gets into the wrong hands. (from Information Security Today)

DDoS

  • With large DDoS attacks being easy to coordinate, expect more breaches to come via that avenue. DDoS attacks don't need to last long to be effective. (from Symantec)

PoS

  • PoS breaches will happen more frequently, which could include restaurant chains as potential targets. (from ThreatStream)

 

Machine Learning

  • Big data will play a large part in the future of cybersecurity, because companies need to be proactive when dealing with threats. Predictive information security analytics could help turn the tables on attackers. (from Symantec)

 

Mobile

  • Companies will ask for more advanced analytics for mobile security monitoring. (from SecurityWeek)

 

Cyber Insurance

  • Signing up for cyber insurance policies will happen more frequently, especially for retailers, restaurants and healthcare. The rush to purchase coverage will include even small businesses. (from ThreatStream)

 

BitSight's 2015 Information Security Predictions

  • The types of damage to breached companies like Sony and Target are transforming the way information security professionals have to protect their data. We won't say one specific company is in more trouble than another, but the ones that take significant steps to improve their level of protection will be in a much better position to avoid future breaches. We expect attackers' propensity to find new ways to profit off of stolen data to continue.
  • Retail will struggle to keep up with the various cyber threats in today's landscape (which we analyzed here).
  • We consistently see Healthcare as an industry lagging behind others, so unless there are drastic changes soon, we expect that to remain the case.
  • Some breaches will attract more press coverage than others. That doesn't mean that the amount of media attention determines the amount of risk, though. Data from more than a million consumers was compromised in the Staples breach because almost 10% of Staples' stores were infected with PoS malware, but that hasn't received nearly as many bylines as some of the previous cyber attacks.
  • More Boards will demand information security initiatives to reduce their company's risk. Interest in increased information security is currently growing at the board level. The security risk an acquisition target poses is becoming a more and more important element of due diligence, because companies see the business impact.
  • Cyber Insurance will continue its fast-paced growth, and insurers will increasingly turn to analytics as a way to measure risk - they have no other option to safely grow their revenue.
  • The smartest companies will increase their effort to shore up the security of their third-party vendors to mitigate the risks they pose.

So many information security predictions posts have a negative connotation, but we'd like to add some optimism looking ahead to 2015.

ThreatTrack Security found that 94% of security professionals surveyed are optimistic that their ability to prevent security breaches will be better than it was in the past.


 

 
