C-Level Magazine – Minnesota Edition
Author: Steven C. Kerbaugh and Katie Zuroski
CYBERSECURITY THREATS ARE EVER-PRESENT
The recent Yahoo! data breach, which affected more than 500 million accounts, has companies of all sizes particularly attuned to cybersecurity issues and looking for solutions. Cybersecurity – which can generally be defined as security from attacks against, or unauthorized access of, computer networks and/or data – should be on every business executive’s mind. Ignoring the threats could prove disastrous.
According to IBM and the Ponemon Institute, the average cost of a data breach in the United States is $7.01 million, and the global average cost per lost or stolen record containing sensitive information is $158. Among other things, such costs result from post-breach investigation expenses, legal bills, identity protection services, regulatory compliance measures, and the implementation of new technology.
Moreover, one of the biggest financial consequences of a data breach is customer turnover due to lost trust. Lost trust and concerns about continuing security issues may also prompt civil lawsuits and government investigations. Knowing and complying with cybersecurity laws should be a top priority for any company seeking to avoid such consequences.
THE COMPLEX LEGAL FRAMEWORK SURROUNDING CYBERSECURITY BREACHES
There is a patchwork of overlapping laws and regulations relating to cybersecurity issues. For example, there are specific cybersecurity breach reporting laws in certain industries, including the health care and financial services industries. Forty-seven states have some type of breach notification laws, though they vary between states. And agencies such as the Department of Justice, Office for Civil Rights, Federal Trade Commission, and Food and Drug Administration all have the ability to investigate data breaches.