Kroll: organizations get serious about security in 2014.

• Position: CYBERSECURITY

Kroll's recently released 2014 Cyber Security Forecast highlights seven trends that indicate changing tides in cyber standards and the need for organizations to take stronger actions to protect themselves from financial, legal, and reputational risks.

1. Security frameworks such as the National Institute of Standards and Technology (NIST) Cyber Security Framework will become de facto standards. "This trend will move the United States in the direction of the EU, where there is a greater recognition of privacy as a right," said Alan Brill, senior managing director at Kroll. Whether compulsory or unstated, these standards will drive decision-making in organizations that want to protect themselves from shareholder lawsuits, actions by regulators, and other legal implications.

2. The data supply chain will continue to challenge even the most sophisticated organizations. Contracting with third parties to store or process data will continue to be commonplace, making it imperative that companies closely vet their subcontractors as to their technical and legal roles and responsibilities in the event of a breach. This requires technical, procedural, and legal reviews.

3. The malicious insider will remain a serious threat but will become more visible. Kroll predicts that in 2014 a significant number--if not almost half- of data breaches will come at the hands of people on the inside. However, as the federal government and individual states add muscle to privacy breach notification laws and enforcement regimes, the hidden nature of insider attacks will become more widely known.

4. Corporate board audit committees will take a greater interest in cybersecurity risks and how the organization plans to address them. Data breaches pose significant threats to the...