On January 7, we published a press release to share our five predictions for cybersecurity in 2025. Over the next few weeks, we’ll publish a blog series that provides additional commentary on each prediction. This is the second blog in the series. Check out the first and second blogs here. 

 

Prediction Key Takeaways:

  • We are experiencing a shift in tactics as criminals expand beyond identity theft and reputational damage into the realm of physical danger. Executives and high-net-worth individuals are quickly becoming prime targets for both cyber criminals and physical threat actors, blurring the line between online protection and physical safety. Corporations and those tasked with protecting them—whether cyber or physical protection—will find that having one without the other is not sufficient. 
  • In 2024, we witnessed the rise of targeted social engineering schemes that blend digital manipulation with threats to an executive or a family member. The harsh reality is that a cybercriminal doesn’t just exploit an executive’s personal laptop, they also exploit their physical security through carefully orchestrated cyber tactics that prey on their personal life and those closest to them. 
  • When we consider that 39% of executives onboarded by the BlackCloak team were in a “breached state,” the size of the problem becomes apparent. Digital Executive Protection is a necessity if physical security is to be enhanced.   

When focusing on the cyber threats that gain attention in the cyber space and the media, the first thought often concerns data privacy.

It’s not hard to understand why. Data privacy concerns are legitimate issues that people want addressed. It can be frustrating to learn about overreaching data collection practices or to find out that information has been shared with organizations with opaque motivations.

It’s also only a piece of the puzzle, and the year ahead may signal the beginning of a demand for cyber awareness and coverage that goes beyond privacy concerns and focuses on data protection. Data Privacy – EMOTIV

Attention to data privacy will not go away, nor should it, but an increased emphasis on data protection may highlight how it can lead not only to enhanced digital security but also to shore up physical security.

Data protection, in fact, helps enhance the principles of strong data privacy. Data privacy refers to who has access to personal data, and data protection provides measures to prevent that information from falling into the wrong hands.

Strong data protection measures can help protect individuals from data breaches, especially if the information is encrypted. Thus, if personal information is stolen in an incident, it would be unreadable without an encryption key.

For organizations, data minimization and implementing access controls help limit the amount of information collected and who can access it. This is an example of how privacy concerns can be addressed with strong data protection practices.

Multifactor authentication and biometric verification are also helpful data protection measures for online accounts and the data that resides within them.

An increased emphasis on data protection practices such as these may soon be in higher demand, as the consequences of their neglect can be severe, both on a digital and physical level.

The reasons why it enhances digital security are familiar. Poor data protection and security can lead to data breaches. On an organizational level, these incidents could lead to financial losses, legal action, and reputational damages. For those who experience these personally, shoddy data protection could result in sensitive information landing on the dark web, leading to an increased risk of identity theft and financial losses.

Strong data protection practices significantly decrease the likelihood of a malicious incident. They can also prevent accidental leaks caused by human error, such as an unprotected database containing records holding sensitive personal information.

However, what may make an increased emphasis on data protection coverage more pronounced over the years isn’t digital security but how it can also impact physical security.

Unfortunately, there has been an increase in harassment campaigns where personal data is leveraged to target a specific individual.

This manifests in doxxing attacks, where personally identifiable information is published publicly for nefarious purposes. Should the wrong person get their hands on this data, they could track down where a person lives and harass them, or worse, physically harm the person they are targeting.

Doxxing can also lead to extreme cases such as swatting. These attacks are when a phony claim is made to law enforcement alleging a serious crime has been committed. The hope is law enforcement will raid the house of the accused, which can cause serious physical and psychological harm.

These types of attacks don’t seem to stop any time soon, and these types of physical threats are likely to evolve. Malicious individuals may attack someone if they know where they work and where they frequently visit.

This may ultimately drive an increased emphasis on awareness and coverage of data protection. Strong data protection principles can keep personally identifiable information out of the hands of bad actors and prevent them from knowing where a person may be at any given time.

As the world begins to understand that digital and physical security are essentially intertwined, more calls will be needed to learn how personally identifiable information is protected.

Data privacy is still an important field to which privacy and security professionals should devote their attention, but as the harms from data incidents move from identity theft and reputational damage into the realm of real, physical danger, so too will the calls for more knowledge on how these valuable data points are protected.

 

Stay tuned for our next prediction!

We also have a webinar coming up on January 23 to discuss our predictions live with industry experts. Register now to attend.