Your company will be hacked. Or, your competitor will be. Sooner than later. Though small business attacks don’t grab headlines, as companies rely on emerging technologies and big data, the risk of a data breach has become tangible, and can have devastating consequences.

Cyber attacks became a reality for government, enterprises, and startups in 2015. The US Office of Personnel Management hack exposed social security numbers of nearly 18 million current and former government employees. The Trump hotel chain suffered a months-long attack that uncloaked guest credit card numbers, and crowdfunding darling Patreon lost nearly 15GB of customer names and email addresses in a massive data dump.

Here’s what we can expect in 2016, according to a number of cyber security experts.

The Internet of Things will emerge as a prime target for hackers

Security in 2016 “will be IoT security themed,” said Rapid7 Security Research Manager Tod Beardsley. Deploying millions of connected refrigerators, televisions, and watches–produced by a slew of vendors, all with disparate security protocols–also raises a number of significant security flags. More devices means greater vulnerability.

“We’re looking to get loads and loads of these devices powered on and online through 2016,” said Beardsley, “and the IoT space doesn’t tend to get a lot of pre-sales security rigor applied to their design. The internet might get more unstable as these devices get compromised en masse.”

The good news is that–like the web before it–as platforms consolidate, the Internet of Things will be incrementally better and more secure with time, as researchers work with vendors to get ahead of problems, said Beardsley. “Or 2016 will be significantly worse as bad guys take advantage of immature IoT space. I’m hoping for the former, but worry about the latter.”

The hacking risk for small business will increase significantly

In their 2014-2018 forecast, data firm IDC issued a report showing that 71% of security breaches targeted small business. “Cyber-threats will continue to grow exponentially in volume, complexity, and threat vectors,” said Vijilan Security chief sales and marketing officer, Gary Mullen. “Small businesses are prime candidates for attacks, but lack the threat expertise and resources to monitor their security posture 24/7, leaving them exposed to hackers.

What you don’t know, can hurt you, said Mullen. “SMBs also tend to either ignore or not know about the cyber threats against them.” The best defense, he said, is to educate yourself and your employees about industry best practices, and to learn from the mistakes of others. Additionally, said Mullen, businesses will need to reallocate budget for security needs, and hold security firms accountable. According to Mullen, “asking [trusted security partners] to take full responsibility for the business’ cyber-security posture … will force the market to evolve in order to provide necessary cyber-threat detection and remediation services to their customers.”

Your phone is the threat

According to a recent study performed by mobile messaging company Pryvate, nearly 30% of US consumers share sensitive work data using a mobile phone. “[Small business] keenness to embrace the move towards ‘mobile first’ often sees them underestimating their need to invest in mobile security,” said CEO and Founder Jonathan Parker-Bray. “The use of personal devices in the work environment is now commonplace, yet many businesses still fail to have effective flexible working or Bring Your Own Device policies in place.”

The problem is aggravated further by the amount of malware targeted at mobile phones, said Parker-Bray. “The implications of [mobile malware] could be vast and it’s only a matter of time before a major data breach is caused by cyber criminals hacking a mobile device.”

Hacking is the new normal. As technology evolves, so too do targets. “In a mobile society where even small companies do business across the globe and sensitive work information is communicated digitally daily,” said Parker-Bray, “the need in 2016 for proper security is paramount.” Understanding emerging threats, he said, is the best way to prevent a data breach.

See also: