Another year has passed and we again welcome October, National Cybersecurity Awareness Month.
It seems a bit dismissive to have only one month dedicated to cybersecurity awareness given the magnitude and number of cybercrime events that have occurred over the past 12 months. Massive data breaches at major retailers, financial giants and targeted cybercrime against small- and medium-sized businesses snatch the headlines of daily media. According to the National Cyber Security Alliance, 20 percent of small businesses fall victim to cybercrime each year. More importantly, some 60 percent of those businesses that are victims of cyber crime will go out of business within six months after an attack. To this end, the U.S. Department of Homeland Security recently announced its month-long campaign that showcases what emerging and established businesses can do to protect their organization, customers and employees in a week-long event called, “Cybersecurity for Small and Medium-Sized Businesses and Entrepreneurs.”
Our Cybersecurity, Privacy and Infrastructure Protection legal team is actively monitoring legislative efforts both at the state and federal levels, especially as the trend continues to concentrate on how best to effectively incent investments in prevention (continuous monitoring, cyber intelligence gathering, internal controls, etc.) while balancing the impact of the cost of these investments to small- and medium-sized businesses.
From a litigation standpoint, we are watching the duty of care expected of those who possess or store data -- as it relates to potential liability. The duty of care is evolving, as we begin to see more robust theories of data breach liability arising out of an organization’s failure to have adequate preventive measures.
Pullman & Comley is participating in several cybersecurity awareness events this month including spending one-on-one time with our clients to review their security practices and assist them in understanding the various programs available to them to gauge their “cybermaturity.”
While it may sound cynical, we believe a cybersecurity event isn’t a question of “if” it will happen as much as it is “when” will it happen. Cyberrisks are real, so don’t be caught off guard.
If you have concerns or questions about how you are managing your cybersecurity program -- or, if you don’t have one -- please contact us because we can offer you our counsel on where to improve and/or concentrate your efforts in the most effective and efficient means.
[View source.]