As companies look to transition to a new normal in 2021, Forrester has forecasted that data privacy matters will become more pressing, while potential budgeting issues and evolving international relations are set to impact cyber security professionals.
Enza Iannopollo, senior analyst at Forrester, identified three privacy-related trends that will underpin organisations’ transitions to the new normal:
- “An ever-increasing appetite to collect, process, and share sensitive personal data from consumers and employees;
- “Despite the recessionary economy, values-based consumers will increasingly prefer to engage with and entrust their data to ethical businesses;
- “Regulatory and compliance complexity in relation to data privacy will increase further.”
Heidi Shey, principal analyst at Forrester, commented: “Organisations will continue to adapt to new business models and changing customer expectations simply because they must in the face of economic uncertainty, social movements, and changing geopolitics.
“This will have significant impact for information and IT security professionals across the globe.”
Should CEOs take responsibility for cyber-physical security incidents?
Privacy predictions
Regulatory and legal action relating to privacy will rise
Due to organisations looking to make use of consumer and employee data, legal and regulatory action related to employee privacy is predicted to rise by 100%.
Among this, countries such as Brazil, India and Thailand will follow European regulators in monitoring employee data protection.
As such, companies will need to take a privacy-by-design approach when handling employee personal data, including 1) identifying requirements; 2) assessing specific privacy and ethical risks; and 3) communicating transparently with employees.
Zero-party data collection will provide marketing opportunities
With third-party cookies falling out of favour, 25% of CMOs will look to invest in consent and preference management in 2021.
This will allow for contextually relevant, zero-party data collection, and allow marketing teams to manage consent, including opt-out and do not sell, and customers’ preferences.
Additionally, this kind of technology could improve data insights and help to enhance customer experience (CX).
Overcoming flat data to unlock business insight and productivity
More privacy leaders will report to the CEO
As the matter of privacy carries increased effects on company revenue, the proportion of privacy leaders reporting directly to the CEO is predicted to rise from 23% in 2019 to 40% in 2021.
This will see those who are chiefly responsible for data privacy receiving increased support from the C-Suite, as organisations look to embed this area into CX.
CCPA 2.0 will lead to the introduction of federal privacy legislation in the US
The California Privacy Rights Act (CPRA), an evolution of the current California Consumer Privacy Act (CCPA), will be passed in 2021 according to Forrester, which will increase federal protection for users.
As a result, companies will need to become familiar with the aspects of the new regulation that apply to them, and determine how aggressive they will be compared to what lawmakers are passing at the state level.
The UK will become a “third country” for data protection matters
Forrester predicts that the UK will officially become a “third country” from a data protection perspective over the course of 2021, starting this January.
Because of this, organisations that store the data of company or employees in the UK will need to either migrate this data to another geography that can offer sufficient protection, or implement standard contract clauses (CSS).
Companies will need to focus on three key actions: 1) assess compliance with UK data protection requirements, including the UK GDPR; 2) determine how lack of an adequacy decision will impact data transfers across your ecosystem; and 3) get working on your transition strategy.
Cyber security predictions
Data breaches caused by insider incidents will increase
According to Forrester, insider incidents, accidental or malicious, will be a factor in a third of all data breaches in 2021, up from 25% today.
This will be caused by a combination of rapid evolution to remote working during the Covid-19 pandemic, fear of job loss, and the ease with which data can be moved.
As a result, threat defence and employee engagement should be prioritised, and organisations should keep in mind that trust is not a control.
VC investment in non-US based cyber security firms will rise
As moves are made by the European Commission to promote digital sovereignty, and further economic protectionism increases in Asia, it’s predicted that venture capital (VC) funding outside the US will rise by 20%.
Meanwhile, security and risk (S&R) professionals at multinationals will need to consider point solutions based on region, and chief information security officers (CISOS) should look for regional security tech opportunities by scouting startups.
Angel investor vs VC: which should your tech start-up pitch to?
A toxic security culture will be grounds for termination for CISOs
Another evolution of the CISO role forecasted by Forrester for 2021 is that a toxic security culture, which will be more public due to increased legal action, will lead to the contracts of those in this position at Global 500 firms being terminated.
Eight of Forrester’s top 10 causes for toxicity in cyber security relate to a failure in leadership, meaning that a positive culture in this area will be more vital than ever.
Retail and manufacturing will have more breaches due to direct-to-consumer shift
In 2021, more brands will look to sell directly to consumers rather than through retailers and distributor supply chains.
This means that companies are evolving their engagement models with more applications, which will lead to more data breaches.
As a result, brands that are shifting in this manner will need to prioritise product security, build a developer champions program, and explore breach and attack simulation tools.
Audit findings and budget pressure will lead to uptake of risk quantification tech
Due to economic uncertainty, many organisations have made major cuts to staff and tech, which has led to compliance difficulties.
In 2021, an increase in audits and budget pressure will mean that CISOs must look to address possible audit issues and risks, and that risk quantification technology will see an uptake.