worker in a store

We all recognize the threat of cybersecurity vulnerabilities and the importance of protecting our businesses against those who wish to take advantage, but the reality is many businesses just aren't taking the right steps to do so. Some also seem to be trying to convince themselves that they are, even when they know they should be doing more.

Part of protecting your business is following industry trends and having an understanding of how criminals are penetrating systems and taking the precautions to keep them out.
Information technology research and advisory company Gartner named its top security predictions through 2020. As we look forward to the last couple years of the decade, it's worth taking note of what the research giant with 40 years of experience believes the top trends in cybersecurity will be. They include:

1. Almost all vulnerabilities exploited will still be ones that professionals know about

Gartner thinks that through the end of the decade, as many as 99 percent of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least a year. The firm believes businesses should focus on fixing any vulnerabilities they are aware of, noting that they're easier and less expensive to fix than to mitigate.

2. One-third of successful attacks on enterprises will be on their shadow IT resources

"Business units deal with the reality of the enterprise and will engage with any tool that helps them do the job," writes Gartner's Earl Perkins. "Companies should find a way to address shadow IT and create a culture of acceptance and protection versus detection and punishment."

3. Organizations will develop data security governance programs to prevent breaches from public clouds

The firm insists companies should develop enterprise-wide governance programs by identifying policy gaps and obtaining cyber insurance as appropriate.

4. The use of passwords and tokens in medium-risk use cases will drop significantly because of recognition technologies

According to Perkins, passwords are "too entrenched in business practices" to stop being used entirely, but he thinks companies need to use products that focus on environments with "continuous trust" and good user experience. He says organizations should press vendors for biometric and analytic capabilities.

5. Over 25 percent of identified enterprise attacks will involve Internet of Things (IoT), but IoT will account for only 10 percent of IT security budgets

This prediction speaks for itself. The takeaway is that businesses shouldn't overlook this important part of their security budgets because doing so may result in problems that are much more difficult and expensive to mitigate.

Other noteworthy facts

Earlier this year, Nationwide commissioned Edelman Intelligence to conduct a survey of 1,000 U.S. business owners. Some other noteworthy trends emerged from the findings:

Businesses don't want to admit when they've experienced a cyberattack

Nobody wants their customers to think they don't have good security, so it's no surprise that businesses are reluctant to admit when they've faced attacks. Only 9 percent of business owners admitted their business was a cyberattack victim, but when given a list, 50 percent said their business has experienced at least one type of harmful cyber activity.

Most businesses that have cyber insurance and experienced an attack were fully covered

The survey found that of the over half (58 percent) of business owners who experienced a cyberattack with cyber insurance, 82 percent were fully covered. As Gartner recommended, it's imperative that companies get protection when appropriate. Cyberattacks are on the rise, and breaches can get very costly. Explore what cyber insurance is and how having protection can help you.

Most businesses don't have a dedicated person or vendor in charge of combating cyberattacks

According to Nationwide's survey, 64 percent of business owners do not have a dedicated employee or vendor in charge of detecting and combating cyberattacks. That means cybersecurity isn't a complete focus for anyone on these companies' behalf. This is problematic for obvious reasons (and further indication that insurance is needed).

Few millennial business owners are concerned about their use of new technologies

Interestingly, millennials, who have long lived in the digital age, don't seem to be showing an appropriate amount of concern about looming threats. Only 36 percent of millennial business owners are concerned that their use of new technologies like artificial intelligence, autonomous vehicles, robotics and drones will increase the likelihood that their business will be targeted for a cyberattack.

Take note of these trends, and consider adjusting your own thinking and approach when applicable. The security of your business depends on it!


Nationwide commissioned Edelman Intelligence to conduct a 20-minute, online survey between April 9-20, 2018, among a sample of 1,000 U.S. business owners. Business owners are defined as having between 1-499 employees, being 18 years or older and self-reporting as either a sole or partial owner of their business. The margin of error for this sample was +/-3 percent at the 95 percent confidence level. As a member of CASRO in good standing, Edelman Intelligence conducts all research in accordance with Market Research Standards and Guidelines.

Nationwide is providing this information as part of its Business Solutions Center website content and e-newsletter. The information included on this e-newsletter and the Business Solutions Center website is designed for informational purposes only. It is not legal, tax, financial, or any other sort of advice; nor is it a substitute for such advice. The information may not apply to your specific situation. We have tried to make sure the information is accurate, but it could be outdated or even inaccurate, in parts. It is the reader's responsibility to comply with any applicable local, state, or federal regulations, and to make their own decisions about how to operate their business. Nationwide Mutual Insurance Company, its affiliates, and their employees make no warranties about the information, no guarantee of results, and assume no liability in connection with the information provided.