A whirlwind. A train wreck. A dumpster fire. However you decide to label 2017, one thing is clear \u2013 a lot of stuff went down this year that will forever change the way we approach cybersecurity. You can no longer turn a blind eye towards things like planning and communications. There aren\u2019t excuses anymore for keeping cybersecurity locked in the IT department, away from other measures of business risk.2017 taught us a lot of lessons, but rather than focusing on the flashy headlines, here are five specific trends that rose above the noise and will still be relevant in 2018.Cyber communications cannot be ignoredIf there is a single takeaway that defined 2017, it\u2019s that anyone who doesn\u2019t include cyber communications as a core element of cybersecurity program is setting themselves up for failure. When one of the biggest costs of a data breach is the damage to your company\u2019s reputation, the way you talk to everyone matters \u2013 before, during and after.Whether its communicating a new cyber strategy to the Board or justifying a budget increase to a skeptical CFO, good communications sets the stage for your entire program. When a breach occurs, the way you communicate will determine the ultimate cost of the incident. Losing customers \u2013 and watching them file suit on the way out the door \u2013 is one of the biggest drivers of post-breach cost.Between Equifax, Uber and Yahoo, 2017 offered plenty of case studies in poor communications, but the overall message was loud and clear \u2013 good cyber communications matters now, and is just going to matter more in 2018.Small businesses are increasingly valuable targetsSmall and mid-sized businesses have always been the backbone of the American economy, but throughout 2017, small businesses were increasingly viewed as hugely valuable targets for cyber criminals. According to the Verizon Data Breach Investigation Report, 61% of all cyberattacks target small businesses. Between the unexpectedly valuable information stored on their systems and often more relaxed security, this trend isn\u2019t surprising.2017 showed us that between their own data and backdoor access to bigger client data and systems, the attractiveness of small businesses isn\u2019t fading any time soon. Whether you are a small business owner or just do business with one, this trend will still matter in 2018.It\u2019s all about the ecosystemCybersecurity professionals have been looking beyond the firewall to protect their companies for a while now, but in 2017, the cyber ecosystem raised its head and reminded us that vulnerabilities can exist anywhere. As companies are increasingly reliant on outside vendors for basic services and supply chain, the number of entry points into a network has grown exponentially.This increased access is having an effect. A recent Poneman Institute survey found that 56% of respondents experienced a breach caused by a third party, and only 57% had a complete list of all the third-party companies they did business with. Regulatory bodies are even starting to count third party oversight as a compliance measure.So, whether you contract out for legal services, buy materials from a supplier, or just rely on someone else to maintain your HVAC system, the risk posed by the cyber ecosystem in 2017 is only going to increase in 2018.A good response depends on a good planRather than Quixotically trying to prevent 100% of all attacks, 2017 emphasized resilience and business continuity, which require active input and a quick response from across your organization.This means having robust plans where everyone knows their roles and responsibilities, so when the lights go out, you can keep chaos to a minimum and increase your odds of getting things back up and running. Unfortunately, the recent EY Global Information Security Survey found that while 69% of respondents have some type of incident response capability, only 8% described it as robust.Response time was a critical measurement of success in 2017, and as the pace of attacks increases good planning will play an even bigger role.Regulations are getting smarterNew regulations started cropping up in 2017, and unlike previous generations with a one-size-fits-all approach, these left the door open for companies to tailor compliance to their specific risk profiles. One of the more impactful was the New York Department of Financial Services new cybersecurity regulation. It requires specific security-related functions, rather than dictating specific technical solutions.While the jury is still out on its ultimate impact, a regulatory framework that prioritizes a modern, business-led approach was a welcome change. Here\u2019s hoping 2018 brings more of the same.In myriad ways 2017 was definitely one for the history books, and if we pay attention to the things that mattered this year, we\u2019ll best position ourselves to make next year a lot less exciting \u2013and that\u2019s a good thing.