Security predictions—A way to reduce uncertainty

Abstract Rapid changes in security threat landscapes cause uncertainty for IT operations and security professionals and may force changes to organizations’ security strategy. Decision support data that help reduce ambiguity or even predict future developments in this regard can thus be of economic value. Based on over 200 security predictions published in 2015, we use a topic modeling approach to identify 17 underlying predicted threat developments. To verify the extent to which these predicted threat topics were realized in 2016, we solicited opinions from respondents with varying experience of IT and information security. In addition, we reviewed secondary sources to corroborate the survey results. Based on the presented findings, we conclude that the security predictions for 2016 did foresee notable developments in that year. The identified latent predictions were related to hacking political campaigns, large-scale data breaches of personal data and health records, increasing threats from various types of malware, specifically ransomware, and large-scale DDoS attacks. The findings of this research are relevant to IT executives and security professionals, who can apply this approach to improve the effectiveness of organizations’ technology and cyber security strategy.