Last year, Experian conducted a study in conjunction with the Ponemon Institute, which found that a third of the more than 635 companies surveyed already had a cyber insurance policy in place, while another third indicated that they would get one within the next 12 months. Obtaining cyber insurance also helps organizations become better prepared for dealing with the threats they face from cyberspace.
“In that same Ponemon survey, 70 percent of the respondents said that they felt like they were better prepared just by applying for cyber insurance because you’re actually going through a pretty good sized cyber security checklist,” said Bruemmer. “I think that companies that do that take their cyber security much more seriously and are better prepared even if they don’t follow through immediately with contracting with the carrier to get a policy.”
5. Breach fatigue
While people are concerned about data breaches, Bruemmer said that because one in about every four consumers received a breach notification letter in the last year, they’re not taking them as seriously.
“They concerned about being spammed. What do I need to do? The letters are unclear and they just cast them aside instead of doing something with them,” he said. “We think that the number of people having letters sent to them, which was one in four last year, will probably go to somewhere between one in three and one in four.”
6. Going beyond the regulatory checkbox.
Because state and federal officials, such as attorney generals, are much more “amenable” to working with organizations before a breach occurs, Bruemmer believes that this spirit of cooperation between government officials and businesses will continue in 2014.
“Companies, hopefully because of the predictions we’re making, will take note and take, not only cyber security incidents, but data breach preparedness more seriously because they need to be on the watch. I use the analogy of every building has to have a fire evacuation plan, but that plan isn’t any good until you’ve practiced the fire drill and ensure everyone can get out in the allotted time and I think that applies to a data breach incident response plan,” Bruemmer concluded.