Cybersecurity Regulation And Litigation: The 800 Pound Gorilla In The Boardroom
“Carrots” can work as an incentive for corporate reform, but often a stick is needed to drive meaningful change at the highest levels of corporate America. After all, it was only 18 years ago that the Sarbanes-Oxley Act was passed into law, forcing corporate boards to put financial experts into the boardroom for the first time. In hindsight, it’s amazing that it took regulation, prompted by the financial reporting disasters at Enron, WorldCom and others, to force such a basic and obvious competency into America’s boardrooms.
I recently talked with Chris Hetner, former Senior Cybersecurity Advisor to the Chairman of the United States Securities and Exchange Commission (SEC), about the changing regulatory landscape when it comes to cybersecurity.
Long story short, the regulatory sticks are coming out on cybersecurity.
Bob Zukis: What’s the big picture trend that’s unfolding on cybersecurity throughout corporate America’s regulatory environment?
Chris Hetner: So much of our conversation is around the weakness in cybersecurity risk management and complying with data privacy regulations, such as the GDPR and California laws, which depend on strong cybersecurity controls and defenses. These monumental developments can obscure another regulatory story already unfolding. US Federal regulators have been significantly escalating penalties related to cybersecurity and data privacy. We’ve seen fines of $16 million, $25 million, $170 million, $700 million, even $5 billion, from a range of regulators that includes the Federal Trade Commission, Federal Communications Commission, Securities and Exchange Commission, and Department of Health and Human Services.
The shifting regulatory landscape coincides with economic and technological changes that are helping a new cybersecurity dynamic take hold in boardrooms and C-suites around the world that span every industry. Corporate cybersecurity leadership today must start at the senior-most levels — with boards, enterprise risk executives and CEOs. This reality creates new pressures but also significant opportunities — as a competitive advantage and differentiator.
Article written by Bob Zukis for Forbes