Is your Board addressing these two issues?
We’ve been talking about how your Board and shareholders have a vested interest in understanding and overseeing how your company will defend itself against the effects of cybercrime. Here are two more areas where you will need to have plans, and where your Board should be focussed on how they will be handled.
Unless their goal is pure mischief, most cyber thieves are seeking data that can be monetized in some fashion. Customer data is a rich trove of data, providing thieves with the information to steal identities or hack bank accounts and credit cards. Only, they don’t just want your customers’ data. Your business has its own proprietary and financial information. You have company credit cards and bank accounts.
Should you suffer a significant loss of customer data, you may be subject to legal regulations. At the very least, you are likely required to notify the victims and the state or legal entity that regulates data loss in your jurisdiction or industry sector. For example, HIPAA has reporting requirements. Beyond reporting requirements, there may be financial penalties that can be imposed for significant data loss, especially if it could have been avoided via more strict internal controls. Again, HIPAA is an excellent example. California now has data regulations, and the European Union imposes severe penalties for data loss that impacts any resident of the EU, even if the violator is not located within its geographic boundaries.
Your entire C-suite should be focussed on these issues and working with the Board to get the support and investment to protect the organization.