Influencers
DOUG TAIT Business lawyer
Cyber insurance: a complicated necessity
Whether an organization suffers a cyber incident is no longer a question of "if" but "when" and as such, cyber security is a risk to be managed, not solved.
The basic game plan of cyber risk management is to minimize risk. However, no amount of technology, policies or training can guarantee that an organization will not suffer a cyber security incident. Accordingly, once an organization has minimized its risk using technology, policies or training, it should consider transferring the risk that cannot be removed through investment in further security measures, to a cyber insurance policy. In fact, due to the increasingly high costs associated with a cyber incident, many consider cyber insurance not as a mere consideration but rather as an absolute necessity.
The complete article is here
Chuck Brooks Principal Market Growth Strategist— Cybersecurity and Emerging Technologies for General Dynamics Mission Systems
There is, however, an urgent need for the legal community to add an element to their operations to make them more in line with cybersecurity; actions to enable providing better protection of their data against breaches.
The complete article is here
Seth Jaffe, CBCP, JD Seth is our official rocket scientist in residence.
When it comes to cyber security, lack of vendor oversight can lead to legal trouble
Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU's failure to oversee its vendor's security practices amounts to a violation of Section 5 of the FTC Act. FTC consent orders are generally 20 years in length, and require adherence to a strict "never-let-this-happen-again" program. Indeed, BLU would have to implement a comprehensive data security program with a biennial assessment and all sorts of compliance obligations. In short, consent decrees come with an operational and monetary sting, and violation of one can find the company staring down the barrel of steep fines.
The complete article is here
A cybersecurity action list for law firms
There is a congruency with the legal community's mission of preparedness and the practice of cybersecurity. A primary requirement of the legal profession is to obtain data and explore evidence, assess the implications of that evidence, and prepare accordingly to protect and serve the client. Cybersecurity also follows that framework.