"So investment firms, asset management firms, are likely to be the first wave of people who are likely to be examined," he said.
That will be the focus of the additional testing that is likely to take place this year, he said. But it won't stop there.
"In the end, this is all a push to raise the bar on cybersecurity across all institutions," he said.
While the regulators and legislators continue to struggle with the issue, the third branch of government, the judiciary, is also stepping up -- and may have an even bigger effect.
"When you see the board being sued for negligence, the board of directors is beginning to realize that that this is part of their governance and fiduciary relationships," said CenturyLink's Mahon.
"Things have changed a lot on the board level after the Target breach," said Torsten George, vice president of global marketing and product management at RiskSense. "It was a watershed event. The court sided with the consumers, and the court also sided with the consumers on the Windham Hotel suit. it also had major impacts on boards. those boards suddenly woke up."
Sign up for CIO Asia eNewsletters.