lorendealymahler
Contributor

5 trends from 2017 that will still matter in 2018

Opinion
Dec 15, 2017 | 4 mins
Backup and Recovery, Cybercrime, Data and Information Security

There were too many lessons to count, so here are 5 things that aren’t going away any time soon.


A whirlwind. A train wreck. A dumpster fire. However you decide to label 2017, one thing is clear – a lot of stuff went down this year that will forever change the way we approach cybersecurity. You can no longer turn a blind eye towards things like planning and communications. There aren’t excuses anymore for keeping cybersecurity locked in the IT department, away from other measures of business risk.

2017 taught us a lot of lessons, but rather than focusing on the flashy headlines, here are five specific trends that rose above the noise and will still be relevant in 2018.

Cyber communications cannot be ignored

If there is a single takeaway that defined 2017, it’s that anyone who doesn’t include cyber communications as a core element of a cybersecurity program is setting themselves up for failure. When one of the biggest costs of a data breach is the damage to your company’s reputation, the way you talk to everyone matters – before, during and after.

Whether it’s communicating a new cyber strategy to the Board or justifying a budget increase to a skeptical CFO, good communications sets the stage for your entire program. When a breach occurs, the way you communicate will determine the ultimate cost of the incident. Losing customers – and watching them file suit on the way out the door – is one of the biggest drivers of post-breach cost.

Between Equifax, Uber and Yahoo, 2017 offered plenty of case studies in poor communications, but the overall message was loud and clear – good cyber communications matters now, and is just going to matter more in 2018.

Small businesses are increasingly valuable targets

Small and mid-sized businesses have always been the backbone of the American economy, but throughout 2017, small businesses were increasingly viewed as hugely valuable targets for cyber criminals. According to the Verizon Data Breach Investigation Report, 61% of all cyberattacks target small businesses. Between the unexpectedly valuable information stored on their systems and often more relaxed security, this trend isn’t surprising.

2017 showed us that between their own data and backdoor access to bigger client data and systems, the attractiveness of small businesses isn’t fading any time soon. Whether you are a small business owner or just do business with one, this trend will still matter in 2018.

It’s all about the ecosystem

Cybersecurity professionals have been looking beyond the firewall to protect their companies for a while now, but in 2017, the cyber ecosystem raised its head and reminded us that vulnerabilities can exist anywhere. As companies are increasingly reliant on outside vendors for basic services and supply chain, the number of entry points into a network has grown exponentially.

This increased access is having an effect. A recent Ponemon Institute survey found that 56% of respondents experienced a breach caused by a third party, and only 57% had a complete list of all the third-party companies they did business with. Regulatory bodies are even starting to count third-party oversight as a compliance measure.

So, whether you contract out for legal services, buy materials from a supplier, or just rely on someone else to maintain your HVAC system, the risk posed by the cyber ecosystem in 2017 is only going to increase in 2018.

A good response depends on a good plan

Rather than Quixotically trying to prevent 100% of all attacks, 2017 emphasized resilience and business continuity, which require active input and a quick response from across your organization.

This means having robust plans where everyone knows their roles and responsibilities, so when the lights go out, you can keep chaos to a minimum and increase your odds of getting things back up and running. Unfortunately, the recent EY Global Information Security Survey found that while 69% of respondents have some type of incident response capability, only 8% described it as robust.

Response time was a critical measurement of success in 2017, and as the pace of attacks increases, good planning will play an even bigger role.

Regulations are getting smarter

New regulations started cropping up in 2017, and unlike previous generations with a one-size-fits-all approach, these left the door open for companies to tailor compliance to their specific risk profiles. One of the more impactful was the New York Department of Financial Services’ new cybersecurity regulation. It requires specific security-related functions, rather than dictating specific technical solutions.

While the jury is still out on its ultimate impact, a regulatory framework that prioritizes a modern, business-led approach was a welcome change. Here’s hoping 2018 brings more of the same.

In myriad ways 2017 was definitely one for the history books, and if we pay attention to the things that mattered this year, we’ll best position ourselves to make next year a lot less exciting – and that’s a good thing.


Loren Dealy Mahler is a seasoned strategic leader with high-level government and private sector experience across national security, strategic communications and crisis management.

From the White House to corporate America, Loren has helped clients leverage effective communications strategies to further business and policy objectives, while mitigating brand impact through effective cyber incident planning and response.

Loren has advised top government officials in her roles as Director of Legislative Affairs at the National Security Council and as Communications Director for Office of Legislative Affairs at the Department of Defense. Prior to that, she ran the communications office for the House Armed Services Committee. After leaving government service, Loren helped Fortune 500 companies and national nonprofits grow and protect their organizations, as Vice President of Corporate Communications for a PR firm in New York.

In early 2016, she launched Dealy Mahler Strategies, LLC, and hasn’t looked back.

Loren is a graduate of Princeton University and holds a Masters in Public Policy from the McCourt School at Georgetown University.

The opinions expressed in this blog are those of Loren Dealy Mahler and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.