Bleak Cybersecurity Future: Data Breaches on Track to Cost Companies $2.1 Trillion

I recently posted about how corporate general counsel now view cybersecurity as a top 3 concern. At this rate, it will soon be their #1 concern. A recent article in Corporate Counsel gives several reasons for why this problem will only continue to increase in volume, expense, and overall risk to companies:

  1. Companies continue to move more infrastructure online
  2. The annual cost of data breaches is projected to rise to $2.1 trillion by 2019
  3. Cybercriminals are more often hacking for profit instead of for “causes” as with hacktivism
  4. Nearly 60 percent of data breaches in 2015 are anticipated to be in North America
  5. The average cost of a data breach is projected to exceed $150 million by 2020
  6. Companies are developing quantum computers with so much power they will render ineffective all currently known defenses

Not only should corporate general counsel be concerned about cybersecurity, but so too should companies’ officers and directors because there is a growing trend toward liability for them as well.

Read more: Data Breaches on Track to Cost Companies $2.1 Trillion | Corporate Counsel.

technology

Cybersecurity is a Top Concern for Corporate General Counsel

LawyersWeekly has found that cybersecurity is now one of the top 3 concerns of corporate general counsel. It should probably be the first, given the trend toward finding liability for officers and directors for cybersecurity incidents.

See Growing Trend of Officer & Director Liability for Cybersecurity Incidents

Here are my key takeaways from the LawyersWeekly article:

  1. General counsel’s responsibilities more frequently include cybersecurity and data protection risk
  2. Cybersecurity is a top 3 concern among GC, ranking alongside compliance and value for money
  3. There has been a significant increase in cybersecurity compliance-related work and assistance with privacy complaints
  4. Larger companies are recognizing the seriousness of cybersecurity risk and putting in place processes and systems to manage it

Full article: GCs raise cybersecurity concerns.

Cybersecurity Keynote Address at International Association of Insurance Professionals Event

I am really looking forward to delivering the Keynote Address at the International Association of Insurance Professionals IAIP DFW NAIW Week event on May 12, 2015. My address, which will follow 2 hours of CE/CLE education on Cyber Liability, is titled Cyber Risk Reality Check but, the more I think about it, perhaps it should be called Cybersecurity: Mission Impossible?

Here are the materials from the event:

IAIP 2

IAIP 1

Will Officers & Directors Be Held Legally Responsible for Companies’ Data Breaches and Cybersecurity Incidents?

Will Officers and Directors be held legally responsible for their companies’ data breaches and cybersecurity incidents?

Will Officers & Directors Be Held Legally Responsible for Companies’ Data Breaches and Cybersecurity Incidents?

Will Officers & Directors Be Held Legally Responsible for Companies’ Data Breaches and Cybersecurity Incidents?

That is the question I addressed in Cybersecurity Risk: Law and Trends – A Director’s Duties Must Evolve With The Company’s, which was recently published in the Spring 2015 issue of Ethical Boardroom (see article below).

The article is short and gets to the point. It explains where the trend is headed on this issue as well as why it is moving in that direction. It also identifies some steps that Officers and Directors can take to help mitigate this risk — while also helping protect their companies from the dangers lurking out in the cyber world.

You can view the full article in the Spring 2015 issue of Ethical Boardroom, which begins on page 108, but I also recommend you take some time to look at the entire issue as it is very informative. As always, feel free to let me know if you have any questions or comments.

Target in Miami

A Few Thoughts on the Consumer Litigation Settlement in the Target Data Breach Case

Target in MiamiMany thanks to CSO Online and Michael Santarcangelo (@catalyst) for his excellent synopsis of our conversation regarding the recent settlement of the Consumer Litigation in the Target data breach lawsuit (note, the more substantive Financial Institutions Litigation has not settled).

Please give the full article a read and also give a shout-out to Michael on his Twitter and let him know what you think so he’ll call me again sometimes! :)  What security leaders need to know about the Target breach settlement

-Shawn

Chaos? Plan Ahead!

New Podcast: #DtSR Episode 130 – Where Law and Cyber Collide

I really appreciate the #DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] inviting me to tag along for another episode of the Down the Security Rabbit Hole podcast.

In this episode we discuss the following:

  • Traveler’s Insurance files suit against a web development company for failing to provide adequate security, resulting in a breach of one of its customers
  • FTC goes after LabMD for a data breach
  • Social media company TopFace pays a ransom to hackers

Go HERE for more details and to listen to the Podcast!