Stopping Data Breaches Will Require Help from Governments
Not a month goes by without a major corporation suffering a cyber attack. Often state-sponsored, these breaches are insidious, difficult to detect, and may implicate personal information relating to millions of individuals. Clearly, the current approaches to safeguarding sensitive data are insufficient. We need to reorient expectations for the role of the private sector in cybersecurity. As the risk of cyberattacks has become better appreciated, we see an increasingly punitive focus on holding corporate America solely responsible.
Multiple, overlapping laws at the national and state level require companies to have “reasonable” security, a concept that is largely undefined and elusive, especially given that threats and available defensive measures constantly evolve. And regulatory enforcement actions and lawsuits in the wake of cyberattacks declare any exploited security vulnerability to be de facto “unreasonable,” without a meaningful assessment of the company’s overall security program or acknowledgement that the company has been the victim of a crime.
Read this article in the Harvard Business Review written by Samir C. Jain and Lisa M. Ropple, partners at Jones Day. This article represents the personal views and opinions of the authors and not necessarily those of the law firm with which they are associated.
Posted on December 17, 2018
- Devices That Will Invade Your Life in 2019 (and What’s Overhyped)
- Cyberattacks Skyrocketed in 2018. Are You Ready for 2019?
- What Google Learned From Its Quest to Build the Perfect Team
- Top 5 Predictions for Federal IT in 2019
- The world’s most valuable resource is no longer oil, but data
- Are you tech ready for 2019?