This article taught me that there will be companies that will be subject to the European Union’s (EU) General Data Protection Regulation (GDPR) and most arear behind the May 25 compliance deadline. I found this add as Regulators will not audit for GDPR compliance, so companies are vulnerable to fines only if there is a breach or EU citizens file complaints. Even if a company experiences a breach or complaint, regulators will likely treat it leniently if the company can document good-faith efforts to comply. To me what is the point of a governing body (GDPR) and regulations if there is a possibility of no audit. Therefore unless there is a complaint or visible issue a company may not even pay a fine.
At this point the GDPR is predicted to punish when the companies are caught. The other points that I see at my work place are the decline of password-only authentication will accelerate. Even my job there is dual authentication process for VPN and sign-on. There will be an increase in state-sponsored attacks and IOT which should not be a surprise to anyone. We are aware of how countries like Russia, Korea, etc are attempting to increase security hacking.
What I did find interesting is how there is a risk of more automation of threats. I always expected hackers to be precise and hands-on. Lastly the big issue will be trust. Who can companies trust with guarding and protection and implementing security measures.