Cybersecurity - Are You Prepared?

We’re all reading about the increasingly common risk of cybersecurity exposure, the bad actors launching attacks from all over the world, and the embarrassing press announcements by companies that have been victims of these attacks. What doesn’t make the news is what company management teams should know to protect themselves from such attacks, or to recover from them if the protection wasn’t adequate (and when DoD gets hit with an attack, you know your defense will NEVER be adequate if you get in the crosshairs of a bad guy). And now with the advent of generative AI – aka ChatGPT and its offspring – who knows where that will go?

So what constitutes “protection”? There are a growing number of laws, state, federal and international, that dictate actions we must take to protect our data and the data of the people we do business with. They’re all different – not surprising since there’s no foolproof set of rules to follow – and it’s not possible, even if it were financially affordable, to comply with them all. Now what?

Since your protection can’t be perfect, you can be sued by regulators or those whose data you compromised. Dollar cost and a huge hit to your reputation. The makings of a perfect storm if you’re the target. A panel held earlier today by SecureTheVillage.org, a nonprofit dedicated to educating us about this challenge, raised some challenging questions and offered some potentially helpful answers. For example:

• What makes a lot of sense as a starting point is to get a thorough cybersecurity risk assessment by someone other than your IT department or your contract provider. Try to understand why you might be a target, because that will tell you something about where to start to develop a defensible policy. Given your business, what laws are you subject to? What might “defensible” mean if you are challenged under those laws?

• If you’re hauled into court, your defense could be that your protective policies were in compliance or were reasonable in the circumstances. Short of compliance with all the disparate rules that exist, saying your control practices were reasonable can be pretty hard to define and perhaps even harder to defend. A more effective approach might be to develop controls that are defensible in the circumstances, meaning they would hold up in a courtroom. Again, what that means in practice is not a slam dunk, but it’s a strategy to guide your processes that could help you avoid a successful attack in court on top of the attack on your data.

• Insurance is nearly impossible to get today, or to keep, for cyber risks unless you know exactly what your insurer requires you to have in place, and then you implement and maintain exactly that. Do they require compliance? And what does that term mean to their claim adjusters? If you have insurance today, checking this out could avoid a nasty surprise: a non-renewal decision or a claim made but denied by your insurer. Again, the aim is to avoid the double hit to your bank account and reputation.

• Given all that information, how much risk are you willing to accept? Can you put an estimated dollar amount on that, and can you accept that as a cost of doing business?

No one knows the perfect answers to those questions. But you have to ask. Or be prepared for whatever comes down the road. Do you feel lucky?
