Faced with ever larger data breaches and a shifting technology and cultural landscape driven by digital transformation, boards and the executive suite started paying more attention to security in 2016 than ever before.

Here are our picks for the most significant security trends in 2016, as illustrated in 15 stories from the past year.

1. Security and digital transformation
New technologies and business practices made their presence felt in 2016. The cloud, mobile, data analytics and the internet of things (IoT) all changed and continue to change business models, processes and culture, and the security function is struggling to keep up.

How blockchain will disrupt your business
Like mobile and cloud, blockchain — first implemented in the original source code of bitcoin in 2009 — stands poised to profoundly disrupt business. If it lives up to its promise, it won't just be financial institutions that are disrupted.
By providing a way to record transactions as automated trusted activity among digitally networked peers, blockchain technology could increase cybersecurity and reduce or eliminate the roles of trusted intermediaries or centralized authorities in industry after industry.

Is DevOps good or bad for security?
DevOps is all about agility — rapid releases, automation and continuous integration and deployment. Most analysts are betting that it will be the new normal in software development within a few years. But constantly changing code, updating features and adding new capabilities also means more chances to introduce bugs or miss vulnerabilities, unless your security practice is set up with DevOps in mind.

How to build cybersecurity into outsourcing contracts
Any time a company shares data or provides access to third parties, it increases its vulnerability to unauthorized access or breach. In today's IT environment, in which enterprises partner with multiple IT service providers, who in turn may have multiple subcontractors, cyber risks increase exponentially. IT outsourcing customers must take greater care in building cyber-risk protection into their IT services and cloud computing deals.

Security teams consulted too late on digital transformation
Digital transformation initiatives bear their own risks. In the race to stay relevant and gain competitive advantage, many organizations are consulting their security teams too late in the process to allow them to have a meaningful impact on digital transformation projects.

Security training programs don't do enough to mitigate insider risk
For years, organizations have been struggling to teach their employees best security practices in a way that actually has an impact. 2016 has been no exception. The threats posed by negligent insiders now top many security professionals' lists of security concerns, but even organizations that have data protection and privacy training programs in place aren't getting through to their employees.

5 security bad habits (and easy ways to break them)
Procrastination. Fidgeting. Biting your nails. These are all bad habits, but none so bad that they could bring a company to its knees. When it comes to security, however, some bad habits could be devastating, leaving your company vulnerable to hacks, data loss or theft or some similar type of security breach. The good news is that there are some simple steps IT can take to educate users on security best practices and make them part of the solution instead of the problem.

2. Security threats, trends and best practices
Given the changes organizations are undergoing as a result of digital transformation, it should come as no surprise that security professionals are doing their best to understand future security threats, trends and best practices.

9 biggest information security threats through 2018
The information security threat landscape is constantly evolving. In early 2016, the Information Security Forum (ISF) published its forward-looking view of the biggest security threats over a two-year period, ranging from leaks of sensitive data from IoT devices, to government-sponsored cyberattacks and a dramatic rethinking of cyber insurance as a result of large-scale data breaches.

5 biggest cybersecurity concerns facing CIOs, CISOs in 2016
While the ISF takes a high-level view of the security threat horizon, CIOs and CISOs also need to focus on the nitty-gritty details.

Whaling emerges as major cybersecurity threat
2016 also saw fraudsters up their game with a variant of phishing scams that began proliferating among enterprises. Called whaling, the social engineering grift typically involves a hacker masquerading as a senior executive asking an employee to transfer money.

5 security practices hackers say make their lives harder
Whether they identify as white hats, black hats or something in between, a majority of hackers agree that no password is safe from them — or the government for that matter. Regardless of where they sit with respect to the law, hackers mostly agree that five key security measures can make it a lot harder to penetrate enterprise networks.

3. Hiring and retaining security professionals
It's been true for years: Security professionals are in high demand. Attracting them and retaining them is no easy task, and it's becoming increasingly difficult as boards and senior management are taking a renewed interest in the security function.

Why CISO is the hardest tech role to fill
CISOs are hard to hire because there are far too few business executives with the right mix of business and technical chops. Also, companies aren't exactly sure how much they're willing to pay a CISO. The shortage of seasoned CISOs, inconsistent policies around compensation and a lack of proper metrics means some companies are under-investing in cybersecurity.

10 highest-paying IT security jobs
Data breaches, DDoS attacks, hacks and threats continue to dominate the headlines, so it's no surprise that some of the most in-demand IT jobs are in information security. And with a massive skills gap, companies are willing to pay handsomely for skilled security talent at all levels.

4. Cybersecurity inertia
Even as security incidents gather headlines and organizations pay more heed to security at the highest levels, some things never change. Inertia means many organizations remain on the back foot when it comes to security.

Hacked companies still prioritize innovation over cybersecurity
The notion that hacked companies are underinvesting in cybersecurity defies logic until you understand that most CIOs are told to prioritize innovation over risk mitigation. Companies grappling with digital transformations are racing to find their own Pokemon Go. CEOs laser-focused on growing the business are loath to slow down to reduce risk. Ultimately, cybersecurity fails to become the imperative that it should be.

Laptops most often stolen from most unlikely place
The rise of mobile in the enterprise has led many CIOs to become concerned about the potential for data loss due to a lost or stolen device — phones, laptops and the like lost in taxis, restaurants and hotel rooms. But CIOs also need to spend more time focusing on the office itself.

Companies complacent about data breach preparedness
The likelihood that companies will experience a security incident continues to rise every year. The good news is that most organizations have put a data breach preparedness plan in place to combat such incidents. The bad news is that most executives aren't updating or practicing the plan regularly.