Here is a very clear-sighted article on what to expect in the field of hacks, breaches and cybercrime. In the article, Igor Volovich paints a dim picture of the recent past (Target, Home Depot, Wyndham) and the resulting data loss and leaking of confidential customer PII.
In the US, the FTC will increase its scrutiny of information security. We can expect penalization of irresponsible behaviour and will see enforcement happening.
This creates an incentive for firms to cover up their breaches and lost or stolen data.
This, in turn, creates a situation in which whistleblowers will have an important impact if they come forward. In the US, whistleblowing has been
“recognized and protected under SOX, GLBA, Federal and State laws, as well as industry-specific regulatory frameworks. The Dodd-Frank Act ensured additional protections for corporate officers who come forward with evidence of misconduct or wrongdoing, and created financial incentives for whistleblowers to report securities violations and fraud.”
The need to act preventively is especially crucial in the era of the IoT:
“The manufacturers and suppliers competing for the lucrative space on our wrists, in our pockets, our kitchens, cars, and office buildings must prove to us their technologies are safe, secure, and resilient before we allow them to take over our lives to the tune of 50 billion connected devices projected to surround us by the year 2020.”
Because if they don’t, they do so at great legal peril.
It should be expected that Europe and the APAC region will follow, albeit under different circumstances determined by their regional/national laws.