El Diario del CISO (The CISO Journal) Edition 15 | Page 4

Influencers

DOUG TAIT Business lawyer
Cyber insurance: a complicated necessity
Whether an organization suffers a cyber incident is no longer a question of "if" but "when", and as such, cyber security is a risk to be managed, not solved.
The basic game plan of cyber risk management is to minimize risk. However, no amount of technology, policies or training can guarantee that an organization will not suffer a cyber security incident. Accordingly, once an organization has minimized its risk using technology, policies or training, it should consider transferring the risk that cannot be removed through investment in further security measures to a cyber insurance policy. In fact, due to the increasingly high costs associated with a cyber incident, many consider cyber insurance not as a mere consideration but rather as an absolute necessity.
The complete article is here
Chuck Brooks, Principal Market Growth Strategist, Cybersecurity and Emerging Technologies, General Dynamics Mission Systems
There is, however, an urgent need for the legal community to add an element to their operations to make them more in line with cybersecurity: actions to enable providing better protection of their data against breaches.
The complete article is here
Seth Jaffe, CBCP, JD. Seth is our official rocket scientist in residence.
When it comes to cyber security , lack of vendor oversight can lead to legal trouble
Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU's failure to oversee its vendor's security practices amounts to a violation of Section 5 of the FTC Act. FTC consent orders are generally 20 years in length, and require adherence to a strict "never-let-this-happen-again" program. Indeed, BLU would have to implement a comprehensive data security program with a biennial assessment and all sorts of compliance obligations. In short, consent decrees come with an operational and monetary sting, and violation of one can find the company staring down the barrel of steep fines.
The complete article is here
A cybersecurity action list for law firms
There is a congruency between the legal community's mission of preparedness and the practice of cybersecurity. A primary requirement of the legal profession is to obtain data and explore evidence, assess the implications of that evidence, and prepare accordingly to protect and serve the client. Cybersecurity also follows that framework.