Tagged: cybersecurity

Cyber Incidents Underscore Absence of Real Private Sector Cybersecurity Standards

Sometimes it takes a public event to remind corporate risk managers about the importance of effective risk management.  While corporate risk management functions have become yet another “hot” topic or new-fangled response to corporate failures to prevent obvious risk, most organizations continue to wander in the world of reactive business planning rather than proactive prevention.  It has been fairly obvious for years that most corporate...

Cybersecurity Oversight: A Board Challenge

Corporate boards face exponentially escalating risks – at the heart of this development is the rapid escalation of board member accountability.  Board members are no longer operating in a sinecure, free from legal risks.  The walls are changing. A perfect example of the changing landscape of risk is the importance of cybersecurity oversight and protections.  The criminal cyberattack against the Colonial pipeline and the acknowledge...

The SolarWinds Cyber-Attack – The Devastation and Wreckage

The SolarWinds cyber-attack was devastating in scope and impact. If any lesson can be learned from this event, the SolarWinds case presents all the pitfalls, enforcement and reputational damage, rolled into one tragic series of events. In a recent 10-K disclosure, SolarWinds announced that it is the subject of ongoing investigations conducted by the Department of Justice, the Securities and Exchange Commission, and various state...

Cybersecurity Threats, Data Privacy and the Important Role of Compliance

Most compliance officers will admit that they have more than enough responsibilities in their purview.  They are usually not looking for more.  I have some bad or good news on this front depending on your perspective. As companies struggle with cybersecurity and data privacy issues, companies should naturally turn to compliance to play a larger role in overall risk mitigation strategies.  Up to now, it...

The Obvious Partnership — Compliance and Cybersecurity

Cybersecurity compliance, like the compliance profession, is rapidly growing. The forces pushing cyber compliance are two-fold: the ever-increasing and changing nature of cyber threats and harms, and the logical application of compliance strategies. Compliance has to work closely with in-house corporate information technology. To the extent a company outsources information technology to a cloud provider, compliance will serve an even more important function in coordinating...

Planning for the Perilous Consequences of a Data Breach

The nightmare scenario for corporate boards and senior executives revolves around the impact of a major data breach. We have seen this first hand with Equifax, Anthem Healthcare, and Target, as prime examples.  In the Equifax case alone, it is estimated that approximately 140 million individuals had their information hacked in the attack.  It is easy to understand, in these circumstances, that a company can...

Cybersecurity Compliance for Financial Institutions

The New York Department of Financial Services has adopted detailed cybersecurity regulations for financial institutions.  (Here).  The NYDFS has filled a vacuum created by the failure of the federal government to act in this important area.  Congress has failed to enact any specific requirements; the federal government continues to rely on voluntary efforts and recommended standards.  As long as this vacuum continues, state regulators and...

Cybersecurity: The Law and Regulatory Framework

Cybersecurity law is a patchwork of global statutes and regulations.  Unfortunately, Congress has failed to act in this area, leaving the EU and US States to “lead.”  As a result, companies are often required to follow the lowest (or highest) common denominator, depending on your perspective. At the US federal level, we have specific industries that have requirements for protecting sensitive personal information.  The Health...