Leadership is Key to Managing Significant Cyber Risk
Chief Executives in the US identify cybersecurity as their primary concern. A new global survey taken by The Conference Board reports that American CEOs fear the external risk of cybersecurity over recession, global trade and competitors. And yet, in an apparent disconnect, the same study showed that among internal risks, these same leaders listed “compliance with data privacy regulations” nearly last. For such an important external business risk, how is it that executives do not appear to take ownership of the internal responsibilities tied to cyberattack risk? The calamitous risk that executives rightfully fear is the reason that they must take real action to implement cyber risk prevention today.
Internal data privacy controls and cybersecurity (aka data protection) are two sides of the same coin. Privacy is the outcome of having strong controls against the risk of compromise. The loss of personal information creates potential liability and exposure to fines, whereas protecting that data properly reduces the risk of compromise and legal exposure.
CEOs Are Witnessing ‘A Change in the Governance Landscape’
While the constant drumbeat of cyberattacks on the daily news has hit the consciousness of CEOs, what appears to still be lacking is an appreciation that institutional protections for privacy are mounting. Every state now has a data breach statute, with some jurisdictions – such as in Colorado, Utah, California, New York, and others – imposing additional affirmative duties for protecting privacy. The courts, another institution that exists to balance legal interests, are also increasingly ruling in favor of claims to establish and respect duties of care concerning data privacy. There is a clear trend in the law, toward establishment and respect for a duty of care for data privacy.
It’s important that corporate leaders take note of this trend and possess a duty to protect privacy. Warren Buffet called cybersecurity the greatest threat to business today. When The Oracle of Omaha, a business icon, characterizes cybersecurity in a stark, call to action way, business executives should recognize that an important trend has emerged. Paying attention to protecting data privacy is now a leader responsibility.
Understanding your business exposure is key to addressing the threat. Lewis Roca Rothgerber Christie can help you assess your threat. We provide clients service in risk assessment, data policies and practices, compliance, incident response and litigation, including breach coaching and crisis management.