Skip to main content

Cybersecurity & data privacy trends in 2020

(Image credit: Image source: Shutterstock/deepadesigns)

Cybersecurity continues to be the number one “external concern” for American CEOs, regardless of their industry. That’s because the number of cyberattacks is increasing every year --with hackers attempting to break into a computer “every 39 seconds on average.”

The annual costs of these attacks is expected to reach an incredible $6 trillion by 2021, according to Cybersecurity Ventures. As a result of this data privacy crisis, major corporations are boosting internal investments in cybersecurity and collaborating with South American software development firms to protect their customer’s data.

Looking forward, 2020 promises to be the year when several cybersecurity trends converge. Companies will continue to increase their cybersecurity budgets in order to thwart malicious actors and respond to recent data privacy legislation in Europe and parts of the United States.

5G and the Internet of Things (IoT) will also add billions of internet-connected devices into the world. Each of these is a potential target for hackers. Finally, the tech talent crisis will continue to affect the data privacy sector disproportionately. That’s because the number of job openings for cybersecurity experts is increasing faster than the supply of these specialists.

Cybersecurity budgets

Cybersecurity is at the top of every corporate executive’s mind. Companies have already started increasing investments in data privacy. Research has found that cybersecurity budgets have increased by 141 per cent from 2010 to 2018.

As a result, global investments in information security are expected to total more than $124 billion in 2019. 

What’s more - companies are currently spending between $1,300 to $3,000 per employee on cybersecurity. This averages to about $2,300 per employee for most businesses. This, however, is not nearly enough. That’s why corporations are expected to increase information security spending by 8.7 per cent per year.

Investments in cybersecurity are not limited to major corporations or Big Tech companies either. Small and mid-sized enterprises are expected to increase the size of their data privacy budgets by more than 14 per cent in 2019 alone. Additionally, 89 per cent of these companies have now created a dedicated executive role in charge of cybersecurity.

Federal, state, and local government leadership is investing in cybersecurity as well. The National Association of State Chief Information Officers recently ranked data privacy as the number one priority for 2019. Other surveys of city and county government officers have produced the same results.

5G & the IoT

The fifth generation of wireless technology is already here. Telecommunications companies like AT&T, Verizon, and Sprint have begun rolling out 5G service to major cities in the United States and consumers are expected to have full access to the technology by the end of 2021.

5G tech is so important because it will make the IoT a reality. This interconnected network of internet-enabled devices already exists. However, its potential is limited by the slow speeds of 4G wireless. The ultra-fast 5G network will allow these devices to transfer exponentially more information with download speeds of up to 10Gbps.

The upcoming 5G rollout is one reason why experts predict that more than 36 billion devices will be connected to the internet by the end of 2020. Unfortunately, all of them will be exposed to security threats. In fact, research has found that the “first wave of IoT attacks” already began back in 2016.

This makes the expanded IoT a nightmare for cybersecurity experts, who must figure out how to protect cell phones, security systems, vehicles, smart homes, and more devices from being breached.

Software developers must respond to this threat by integrating security patches into devices and waiting to release electronics until security has been fully tested and assured. Some of the most common types of attacks to prepare for are botnets, distributed denial of service, RFID spoofing, Trojan viruses, malware, and malicious scripts.

Data privacy regulations

Governments across the world are responding to the global cybersecurity crisis by creating new regulations that govern the way companies handle and store valuable consumer data. This includes important information such as personal identifications, banking and credit card numbers, and purchase history.

The European Union, in particular, has been a leader in this field. One of its pioneering efforts is the General Data Protection Regulations (GDPR) what was passed in 2016 and went into effect in Spring 2018. It impacts all companies that do business with European customers, regardless of where the company is located.

The GDPR requires that companies receive consent from consumers before processing data, collect and store data anonymously, and notify customers when their information has potentially been breached. It also requires large businesses to appoint a data privacy protection officer to oversee implementation of the regulations.

Furthermore, while the U.S. federal government has yet to create a set of strong data privacy protections, several states have drawn up their legislation, including Hawaii, Massachusetts, Maryland, Mississippi, New Mexico, and Washington.

However, the most important of these regulations come from California, the largest state in the country by population with nearly 40 million residents. The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020, and governs the way companies must store and secure data.

CCPA allows consumers to demand crucial information about their personal data held by corporations.

When requested, businesses must inform consumers about the type of personal data they possess, provide them with specific personal information collected in the previous year, and allow customers to request that their information not be shared with third parties. Companies will also have to delete customer data when requested.

The talent crisis

Perhaps the most important cybersecurity challenge faced by American businesses is the shortage of cybersecurity experts.

Research conducted in the past year demonstrates that 53 per cent of IT workers report that their company is short on cybersecurity skills--an increase of 11 per cent since 2016. What’s more, 69 per cent of cybersecurity experts said that their team is understaffed.

Today, more than 58 per cent of cybersecurity experts also reported that their organisation has unfilled information security roles. That’s a major reason why Cybersecurity Ventures recently estimated that the global shortage of cybersecurity will reach 3.5 million unfilled positions by 2021.

Unfortunately, there’s no end in sight for this crisis. The number of cybersecurity openings continues to grow rapidly, while universities are still graduating the same, small amount of qualified information security experts.

Businesses must increase their compensation packages and other benefits in order to compete for the limited number of data privacy specialists. In addition, companies will have to focus on internal training programs to develop cybersecurity experts in-house, while simultaneously partnering with software outsourcing firms in South America to fill the talent shortage in the meantime.

Conclusion

Cybersecurity is expected to remain the top priority for American corporate executives over the next several years. That’s because the number of data breaches is rising and hackers are increasingly using sophisticated techniques, like AI, to break into well-protected systems.

Changes in data privacy regulations also mean that companies are scrambling to update their policies before the new regulations go into effect. They’re also working with South American development services, increasing the size of their budgets, and hiring cybersecurity experts in large numbers as vulnerabilities in existing security protocols become apparent.

Finally, the global rollout of 5G wireless technology, combined with the expansion of the IoT, means that more and more vulnerable devices will be connected to the internet over the next several years. This adds up to the cybersecurity challenge, that will need the dedicated focus of all its actors to be overcome.

Paul Azorin, Founder and Chief Technology Officer, BairesDev