While many companies implement security controls and firewalls in an attempt to limit external access to a company's network, they oftentimes fail to recognize the additional risk of criminal or careless employees and other internal risks. Information-sharing arrangements between companies also pose unique dangers and challenges. Furthermore, the growing number of regional, state, federal, and international laws regarding data privacy and security have made it even more difficult for companies to implement the proper security measures for legal compliance.
While many companies still see data security as a cost centre and fail to take the appropriate preventative steps, the recent high-profile cases of cyber crime have made many boards and management teams appreciate the importance of maintaining adequate data security controls to avoid reputational risks and protect proprietary information. To respond to the constantly changing risks, companies must remain vigilant and constantly engage in security by having the right security programs and policies, along with essential training and testing. An effective information security program comprises strong technology with sound and tested practices, and should protect the company from both internal and external threats. In the event a company experiences a security breach, it must be ready to follow its incident response plan and, ideally, should have the appropriate cyber risk or data breach insurance policy to transfer the risk.
In a recent roundtable discussion sponsored by Financier Worldwide Limited, Ron Raether, partner at Faruki Ireland & Cox P.L.L., Russell Schrader, Chief Privacy Officer and Associate General Counsel – Global Enterprise Risk for Visa Inc., Jamie Bouloux, Cyber Liability manager for Europe at AIG, Jacob Olcott, Principal at Good harbor Security Risk Management, Neal Lawson, Managing Director of Intelligent Discovery Solutions, Inc., and L. Richard Fischer, partner at Morrison & Foerster, discussed these issues in-depth, including the trends and appropriate steps for companies to take. You can read a summary of the roundtable discussion here.