@jerry I'll add to that:
- breaches will continue to be blamed on "hackers" instead of dismal state of IT security
- IoT and supply-chain attacks will spawn a bastard child of a problem when IoT vendors start providing (limited, incomplete) updates but fail to secure their infrastructure
- more regulation (some for the better, some for worse) is going to come after GDPR trailblazed and showed it can work.