NIST and similar security frameworks will become the de facto standards of best practices for all companies.
Between the Snowden fallout and increased scrutiny by the FTC and other regulators in the U.S. and around the world, cybersecurity strategies that were largely designed for companies that were part of the “critical infrastructure” will become more of an expectation for everyone – from conducting an effective risk assessment to implementing sound cybersecurity practices and platforms. Whether compulsory or unstated, these standards will drive organizational decision-making with regard to cybersecurity. Organizations that don’t follow suit may find themselves subject to shareholder lawsuits, actions by regulators, and other legal implications.
“This trend will move the U.S. in the direction of the EU, where there is a greater recognition of privacy as a right,” said Alan Brill, senior managing director at Kroll. “As new laws evolve that reflect the NIST guidelines and look more like the EU privacy directive, some U.S. companies will find themselves ill-prepared to effectively respond to the regulations. To minimize their risk, organizations will have to get smart on these standards and make strategic business decisions that give clients and customers confidence that their information is protected.”
Kroll, a global leader in risk mitigation and response solutions, recently released its third annual Cyber Security Forecast, a prediction of the most significant cyber issues organizations will confront in 2014. The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks.