In 2015, hackers exposed 170 million personal records in the U.S., according to the Identity Theft Resource Center. The attacks cost businesses worldwide more than $400 billion, British insurance company Lloyd's revealed.
So what's the data breach forecast for 2016? It's not looking good, according to cybersecurity experts.
"In today's environment of advanced and targeted threats, it is imperative to assume that data breaches will continue to happen into 2016 and beyond," Scott Gordon, COO of the San Jose, Calif.-based FinalCode said. "Therefore, companies should proactively take steps to protect sensitive documents inside and outside their organizations."
Paul Jespersen, vice president of emerging technologies at the Clifton, N.J.-based Comodo, commented, "More than in almost any other industry, banking and financial services are exposed to a growing variety of threats, especially as consumers demand more flexibility and mobile access. This will accelerate in 2016, and we can expect to see more major breaches in banking and POS applications."
Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based KnowBe4, warned of one specific hacking method criminals are likely to focus on.
"In 2016, you will see an integrity attack in the financial sector in which millions of dollars will be stolen by cyber thieves who will modify selected data in the transaction stream, resulting in a significant redirection of payment to anonymized accounts," he said. "How they will get in? Spear phishing."
Here are experts' top cybersecurity predictions for the year ahead:
Old Threats Will Persist
Data thieves will take advantage of weak passwords or other holes found within critical or sensitive systems, one expert noted.
"Hackers are specifically looking for personally identifiable information to steal, to ultimately sell on the black market," Dodi Glenn, vice president, cybersecurity at the Sioux City, Iowa-based PC Pitstop, pointed out. "IT admins need to ensure they have strong passwords, and are consistently monitoring the health of the network for potential threats. They also need to ensure their systems are patched, and do not contain vulnerabilities."
Jespersen said he expects to see a continued shift from simple, executable malware to increasingly faster introductions of new, creative and advanced persistent threats and exploits, including some that are extremely targeted.
Targeted distributed denial of service attacks may also rise, particularly when a company angers the public, Glenn warned.
"The loosely formed hacking group Anonymous has published tools that are designed to take down websites and servers by sending bogus data to them," he said.
Ransomware Crime Wave Expected
"Ransomware attacks doubled in 2015 and will double again in 2016," Sjouwerman said. "The U.K. is to some extent a bellwether for the U.S. More than half – 54% – of all malware targeting U.K. users in 2015 contained some form of ransomware. Buckle up!"
He added so-called cyber mafias will focus on professional services firms and local governments to extort tens of thousands of dollars.
"Cryptowall will be the first strain of ransomware to hit one billion dollars in damages," he said.
Data at rest on protected servers and databases are most vulnerable to ransomware attackers, Steve Lowing, director of product management at the Needham, Mass.-based Promisec, said. As more companies look to back up and protect their most sensitive systems, attackers will continue to seek new ways to exploit data, including by threatening to reveal companies' sensitive data to the public, he pointed out.
To avoid detection, hackers will continue to use new approaches.
"As attack methods are proven successful, they get passed along and less sophisticated attackers benefit from the advancements of a few," Lowing said.
Remote Worker Protection Needed
The importance of securing mobile workers is expected to rise in 2016.
"The reality is, fewer employees are connected to corporate networks compared to just a few years ago, implying that visibility and control over these endpoints is spotty at best," Lowing pointed out. "Many will be left behind on old, exploitable OS releases or versions of common applications."
As the number of remote workers grows, employers must ensure security products adequately address mobile demands, utilize patches, and see that problematic and blacklisted apps are not loaded on company devices, Lowing said.
Malicious Insiders, Employee Slip-Ups to Linger
Phishing and spear phishing emails will continue to be a major source of data loss and system breaches, simply because they work and require little effort to execute.
"It's hard not to put phishing attacks at the top of the list of organizational vulnerabilities for 2016," Jeff Smith, information security officer for the Pittsburgh-based Wombat Security, said. "Each employee is a potential inroad for attackers. Users have a lot of power within organizations."
He said he expects hackers and social engineers to exploit points of entry, either by attacking employees directly or through third-party associates such as vendors and service providers.
Users may still be their own worst enemies. Lowing warned advanced phishing campaigns will continue to be a prime attack vector for initiating infiltration, while over-sharing on social media will fuel the fire by giving attackers the information they need to strike.
So how do organizations combat this employee-based threat? Training might be a good place to start.
"One simply cannot assume employees understand what the threats are and that they know how to react and respond appropriately," Smith advised.
Ondrej Krehel, founder/CEO of the New York City-based LIFARS, added, "Practicing is needed to be able to go over a real crisis and learn how to effectively defeat attacks on organizations."
Mobile Malware to Rise
Mobile malware, specifically mobile banking Trojans, is on a trajectory to become much more prevalent in 2016, Sjouwerman noted.
"These attacks will pose a significant problem for many financial institutions, which have thus far mostly ignored the threats mobile devices pose," he said.
Given the increase in mobile payments, mobile is a ripe target for attacks.
"All signs point toward mobile as far as attack surface goes, and mobile payments and transactions seem to be likely targets," Lowing noted.
Execs to Ponder BYOC Lockdowns
The popularity of Bring Your Own Collaboration means organizations face increased data leakage and privacy compliance risks, Gordon said.
"File encryption, usage controls and gateway content filtering allow companies to mitigate data exfiltration, and with all of the available layers of security that can be put to bear, organizations should resolve to prevent data leakage of customer information and intellectual property in 2016," he said.
Glenn added, "As the world of connected devices continues to grow, IT admins will face the decision of locking down, or freeing up, their network for devices brought in by their employees."
Boards Will Prioritize Risk Management
Boards of directors will finally treat enterprise risk as equal to financial, reputational and legal risk, Sjouwerman explained.
"Too often board members see the light only after a data breach," he said. "This year will be a very important year for cyber insurance. PwC predicts that the cyber insurance market will triple in the next five years and force boards to take a long, hard look at the cost of their continued insecurity."
Jespersen pointed to studies that show consumers abandon even their favorite brands after a breach.
"With security and trust becoming an even greater part of the customer relationship, companies need to communicate how they are addressing the issue before a breach occurs," he noted. "Apologizing after a breach happens isn't good enough anymore."
Passwords May Disappear
"This year, we have seen banks truly embracing innovation in the security space, from Halifax experimenting with heartbeat technology, to banks across Europe adopting behavioral biometrics as a means to authenticate digital banking users," Neil Costigan, CEO of the Swedish security company BehavioSec, said.
Sjouwerman said he foresees more biometric authentication taking shape.
"Passwords will start to disappear as biometrics like voice and face recognition go mainstream, and two-factor tech like authentication code generators on mobile phones will spread exponentially," he said.
Hackers May Exploit the IoT
Internet of Things security standards related to the 6.4 billion connected "things" in use globally are currently a hodgepodge, and Sjouwerman warned the more cutting-edge hackers will create the very first BoT – a.k.a. the Botnet of Things.
In addition, as more electronic IoT products that do not communicate with one another are deployed, services that support device-to-device communication will become more relevant.
"It takes human genius to put all that together in some sort of an orchestrated fashion to run smoothly," Krehel said.