The overwhelming shift to mobile and cloud computing among both businesses and consumers will see some surprising additions to the risk landscape in 2016. Global IT and cybersecurity association ISACA shares five cyber risk trends for the coming year that chief information security officers (CISOs) and chief information officers (CIOs) should have on their radar.

“There is no question that cyberattacks are on the rise, but what is changing dramatically is the type of attack and the targets that bold fraudsters are focusing on,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security at INTRALOT. “In 2016, organizations must be sure that they have the cybersecurity framework, knowledge, skills and resources to manage these new threats.”

Five Key Cybersecurity Trends for 2016

Research studies and insights from ISACA’s Cybersecurity Nexus (CSX) reveal five trends in cybersecurity that are expected to surface in 2016:

1. Cyber-extortion Will Hit Wearables, Medical Devices and Gaming Systems

B2B use of the Internet of Things (IoT) will more than quadruple by 2020, when the worldwide total of connected devices is expected to reach 5.4 billion. That means wearables, medical devices, clinical systems, gaming systems, smart home devices and others may be increasingly vulnerable to security risks. Nearly three-quarters of IT professionals believe the likelihood of an organization being hacked via an IoT device is medium or high, according to ISACA’s IT Risk/Reward Barometer study.

In particular, IoT devices are a convenient target for fraudsters, especially those attempting ransomware (a type of malware that denies access to the victim’s computer and data until the hacker is paid). Since 2012, the number of victimized enterprises—most of them small businesses—agreeing to make ransomware payments has increased from 2.9 percent to 41 percent.

2. Hackers Will Increasingly Target Cloud Providers

Because more data are shifting outside of organizations through use of hybrid and public clouds, 2016 will bring more attempts from cybercriminals to gain direct access to that information. IT leaders are taking notice. In a recent Osterman Research survey, approximately 76 percent expressed concern about consumer-grade cloud storage, including file sync and share solutions.

3. Millennials Will Care More About Privacy Breaches

Surveys reveal a shift in thinking among Millennials, who have traditionally valued privacy less than other age groups.

2015 marked a number of high-visibility hacks that exposed the personal data of millions; further, Millennials are the generation most likely to use non-traditional IoT devices that are more abundant—and more vulnerable to security risks—than ever. These factors will prompt many Millennials to be more proactive with app providers and other businesses to ensure their private information stays private.

4. Mobile Malware and Malvertising Will Cause Mayhem

As more services and advertising move from the desktop to mobile devices, 2016 will see a massive increase in the frequency of malvertising (the practice of injecting malicious advertisements into legitimate online advertising networks).

These and other types of mobile breaches have prompted an overwhelming majority of cyber experts (87 percent) to speculate that mobile payment data breaches will increase over the next 12 months.

5. Cybersecurity Will Be the “It” Job of IT

One of the greatest threats to national and global economic security is the cybersecurity skills gap, and that shortage of experts will continue to stifle CISOs and CIOs in 2016.

More than half of the global cybersecurity professionals surveyed by ISACA and RSA Conference reported that less than a quarter of job applicants are qualified for the cybersecurity position they are seeking. Not surprisingly, this challenge has also made cybersecurity a lucrative career option and a “hot” job: it was named #8 on the 100 Best Jobs by U.S. News & World Report.

According to Robert Stroud, CGEIT, CRISC, past international president of ISACA and principal analyst, Forrester Research, enterprises are justifiably concerned about the changing threat landscape of cybercrime: “Too few cyber teams are prepared for the new forms of attack. While phishing and malware remain problematic, IT leaders must quickly address new threats tied to IoT, mobile devices, the cloud and other evolving technologies.”

ISACA offers a wide range of resources on cybersecurity and related issues, and many are free of charge. The organization has also established Cybersecurity Nexus (CSX) to help organizations develop a skilled cybersecurity workforce and help individuals advance their careers through training, guidance, education and credentialing. For more information, visit


Established in 1969, ISACA is a global nonprofit association of 140,000 IT audit, risk, governance and cybersecurity professionals in 180 countries.