As the calendar turns to a new year and we gladly put 2020 behind us, here are a few predictions for the new year.
1. Data breaches and privacy violations will continue to grow in 2021. Despite regulations like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), the average data breaches cost impact will rise again. Per the Ponemon Institutes latest Cost of a Data Breach Report, the average cost of a data breach in the US grew to a record $8.74 million per infringement.
2. More regulations. CMMC (Cybersecurity Maturity Model Certification) went live in 2020, and lawmakers only have one option to regulate industries that are unable or unwilling to prevent breaches independently. Last month, California passed Proposition 24 (California Privacy Rights and Enforcement Act or CPRA). CPRA will take effect on January 2023 and will create a new privacy enforcement agency. The agency will provide new definitions and protection for sensitive consumer data, expand and clarify the use and sharing of consumer data, and expand liability for data breaches. Without a national regulation, California law will become the defacto standard in the US. CCPA remains in effect until CPRA starts. The EU is working to reconcile PECR (Privacy and Electronic Communication Regulation) with GDPR to remove inconsistencies. The Phillippines will update the PDPA (Personnel Data Protection Act). The UK will formally leave the EU, and the UK Data Protection Bill will replace GDPR.
3. Cybercriminals will continue to focus on remote workers. Even as some companies will return to office work in 2021, other companies such as Twitter, Shopify, Nationwide Insurance, Siemens, Slack, Square, and Zillow have adopted policies to allow permanent work-from-home. The FBIs Intenet Crime Complaint Center (IC3) reported online crimes have quadrupled since the beginning of the COVID-19 pandemic.
SecureCircle's recommendation for 2021 is to adopt a Zero Trust Data Security posture that secures all data by default without relying on end-user involvement.