Stopping Data Breaches Will Require Help from Governments
Not a month goes by without a major corporation suffering a cyber attack. Often state-sponsored, these breaches are insidious, difficult to detect, and may implicate personal information relating to millions of individuals. Clearly, the current approaches to safeguarding sensitive data are insufficient. We need to reorient expectations for the role of the private sector in cybersecurity. As the risk of cyberattacks has become better appreciated, we see an increasingly punitive focus on holding corporate America solely responsible.
Multiple, overlapping laws at the national and state level require companies to have “reasonable” security, a concept that is largely undefined and elusive, especially given that threats and available defensive measures constantly evolve. And regulatory enforcement actions and lawsuits in the wake of cyberattacks declare any exploited security vulnerability to be de facto “unreasonable,” without a meaningful assessment of the company’s overall security program or acknowledgement that the company has been the victim of a crime.
Read this article in the Harvard Business Review written by Samir C. Jain and Lisa M. Ropple, partners at Jones Day. This article represents the personal views and opinions of the authors and not necessarily those of the law firm with which they are associated.
Posted on December 17, 2018
- Ninth Annual Cost of Cybercrime Study – Accenture Report
- Strength through Simplification: Taming Cyber Security Complexity in 2019
- ‘Everyone is spying on everyone’ – Expert’s warning over increase in cyber attacks
- “Australia gains the top score on regulations supportive of AVs” according to KPMG
- Fusion’s response on reforming vocational education and training
- The next big thing has arrived – and it’s smarter than humans