IT Must Change Security Strategies to Keep Up With Cybercriminals

02.04.2012

Clouded understanding will lead to an outsourced mess. The ISF believes that continuing cost pressure will lead to a new digital divide that separates businesses into organizations that understand the marriage between IT and information security and organizations that don't. It predicts leading organizations will appreciate the strategic value of channels, systems and information and will invest in those areas. Organizations that don't get it will suffer competitive disadvantage and heightened risk of damaging incidents.

New technologies will overwhelm. The ISF expects organizations to continue to rapidly adopt new technology. Along with the business benefits of doing so will come new vulnerabilities and methods of attack. Organizations must understand their dependence on technology or suffer a nasty surprise.

The supply chain will spring a leak as the inside threat comes from outside. The ISF notes that a modern organization's data is spread across many parties, leaving it vulnerable to incidents that affect the organization's suppliers. The ISF says these risks will increase as organizations further digitize their supply chains, outsource additional functions and rely on external advisors.

To prepare for these threats, the ISF recommends security professionals help senior management understand the value of information security. Organizations should adopt information security governance and integrate it with other risk and governance efforts within the organization. Businesses also need to understand their risk appetite and ensure the value of continuous security investment meets the business need and is adequate and well spent.

Finally, enterprises also need someone to take ownership of coordinating the contracting and provisioning of business relationships, including outsourcers, offshorers, supply chain and cloud providers.