Data breaches are expected to rise in 2014, The Wall Street Journal reported. Two reports from security firms Kroll and Experian said that top corporations will need to adjust their cybersecurity practices in order to combat these future threats.
The two reports delve into the industries that will be most susceptible to threats in 2014 and how companies should be preparing for them.
Health Care A Probable Target
Both reports stated there will be an increase in data breaches, but Experian focused on the threats faced by the health care industry. The Experian report said the recent difficulties people have had signing up for health insurance coverage under the mandates of the Affordable Care Act may indicate that the system could leave enrollees open to online identity theft and other forms of data breaches.
"When combined with new Health Insurance Portability and Accountability Act data breach compliance rules that require more notification, the health care industry is likely to make the most breach headlines in 2014," the report stated.
Combat Threats In 2014
In order to combat these threats, Experian predicts that more companies will add cyberinsurance that covers data-related risks to their coverage packages. The Wall Street Journal reported that currently only one-third of companies have bought coverage.
The Kroll report says that the National Institute of Standards and Technology and related security frameworks will play a big part in preventing breaches. Kroll Senior Managing Director Alan Brill said companies need to stay on top of the rising threat of cyberattacks before it gets out of hand.
"To minimize their risk, organizations will have to get smart on these standards and make strategic business decisions that give clients and customers confidence that their information is protected," he said.
Legal Implications of Data Breaches
The Wall Street Journal said that next year's possible threats can lead to regulatory penalties, shareholder lawsuits and damaged reputations for companies. Brill said in a statement that the companies' board members need to do their due diligence in order to protect their interests.
"As corporate boards carry out their fiduciary responsibilities, they must also protect the company from possible shareholder lawsuits that allege the company's cybersecurity wasn't at a level that could be reasonably viewed to be 'commercially reasonable' and that incident response plans weren't in place to mitigate the risk," Brill said in a statement. "The challenge they face is determining what is a reasonable level of security and response, and who should make that call - is it their IT team, an industry expert, an independent third party?"