As natural philosopher and onetime baseball catcher Yogi Berra reportedly said: \u201cIt\u2019s tough to make predictions, especially about the future.\u201dBut that doesn\u2019t mean people and organizations don\u2019t try \u2013 for good reason. In the world of business, correctly seeing the future even a few months out can provide a leg up on the competition or, in the case of cybersecurity, on ever-present attackers. A missed guess can leave one scrambling to catch up.[ See how our predictions made out from this past year ]So, herewith are some predictions for 2015 on security from research firms Gartner and Forrester Research, and from Arthur W. Coviello Jr., executive chairman of RSA. (Watch a slideshow version of this story.)Nation states vs. private sector(Coviello) Nation-state cyber-attacks will continue to evolve and accelerate but the damage will be increasingly borne by the private sector.\u201cWith no one actively working on the development of acceptable norms of digital behavior \u2026 we can expect this covert digital warfare to continue,\u201d Coviello said.\u00a0And it will increasingly be private sector firms that will be, \u201cthe intended victim or the unwitting pawn in an attack on other companies.\u201dThe rise of integrated threat intelligence(Gartner) Internet of Things (IoT) device revenue growth of almost 30% will create new vulnerabilities and security demands relating to both physical and digital environments. The expected convergence of IoT security and information security technologies, along with increased regulatory activity directed at protecting critical infrastructure, will drive demand for integrated threat intelligence capabilities, including IoT-related threat data feeds.More money, much more scrutiny(Forrester) Security budgets will see double-digit growth in sectors outside of banking and the defense industrial base.The downside to those increases will be an enormous amount of scrutiny and much higher expectations, not just from business leaders and counterparts in technology management, but also from customers, government agencies, and privacy watchdog groups.The quest for a uniform threat language(Gartner) The drive toward a common framework adopting a uniform language, such as Structured Threat Information Expression, will accelerate as a result of the complexity and challenges brought by the need to integrate IoT security data inputs for indicator of compromise (IOC) detection.Pragmatic privacy(Coviello) A maturing privacy debate will become more pragmatic and balanced. Prospects for responsible privacy policies and intelligence sharing legislation that would better protect our privacy may improve.\u00a0One test of this prediction will be the outcome of the EU General Data Protection Regulation, which may reach a final form in 2015.More billions of things, more billions of risks(Gartner) 4.9 billion connected things will be in use in 2015, up 30% from 2014, creating disruption, continued opportunities and continued risk.\u201cOrganizations must straddle the tension of all the information available from smart things by balancing their desire to collect and analyze it with the risk of its loss or misuse,\u201d according to Steve Prentice, vice president and Gartner Fellow.Find the breach, botch the response(Forrester) With new investments in breach detection, a large majority of companies (60%) will discover a breach, or more likely be informed of it by a third party like a government agency, security blogger or a customer.But they will likely botch the response, given that only 21% of enterprises report that improving incident response is a critical priority. That means more cases of customers\u2019 trust undermined or corporate reputations dragged through the mud.Unhealthy exposure(Coviello) While retail will remain an ongoing target, well-organized cyber criminals will increasingly turn their attention to stealing PHI \u2013 personal health information. It is not as well secured, is very lucrative to monetize in the cybercrime economy, and is largely held by organizations without the means to defend against sophisticated attacks \u2013 healthcare providers.Competing on privacy(Forrester) Privacy will be a competitive differentiator, not just through lip service, but action \u2013 appropriate privacy policies, enforcement and building privacy considerations into business operations and the products or services offered to customers.That will require the leadership of a privacy champion \u2013 a Chief Privacy Officer, Data Protection Officer, or privacy professional. Today, about a third of security decision-makers in North America and Europe view privacy as a competitive differentiator. That will increase to half by the end of 2015.\u00a0The essential, more secure, mobile payment option(Gartner) A renewed interest in mobile payment will arise, together with a significant increase in mobile commerce, due in part to the increased security features of Apple Pay and similar near-field communication (NFC) efforts by competitors such as Google.As device manufacturers and application developers improve usability and functionality and address users' security concerns, devices will become even more of an essential tool for customers, particularly the younger demographics.Beware the Botnet of Things(Coviello) The increase of machine-to-human and machine-to-machine interaction will only exacerbate the situation described in a tweet this past year as: \u201cWho needs zero days when you\u2019ve got stupid?\u201d\u00a0Get ready for the Botnet of Things.\u00a0This trend along with the strong growth of IoT in the healthcare sector and the accompanying risks to PHI, has ominous implications.