2013 Cyber Security Summit TakeawaysPrint PDFShare
This week's Cyber Security Summit 2013 brought together C-level executives, security leaders, risk managers, IT professionals, policy makers and lawyers to discuss the current state of cyber security risk and to work to find ways for companies to better identify and manage that risk. The news is sobering. Every company has cyber risk, and those that do not understand their risk, or are not dealing with that risk effectively, will suffer in the marketplace. The good news is that once you identify your company's greatest risks, there are tools available that can mitigate those risks substantially. In other words, it is not too late.
Business owners and executives should note the following themes that recurred during the two-day Summit:
- You are not alone. Many companies, especially small and mid-size companies, are still coming to grips with the risks and identifying solutions.
- Cyber risk is not going away. Cyber crime is bigger than the drug trade. Cyber attacks are increasing and becoming more sophisticated. You should assume that you have already been compromised, or that you will be in the future.
- Cyber security is not just an IT problem. Business owners, executives, and board members too often see cyber security as solely an IT problem that needs only an IT solution. A strong security culture comes from the top, and requires buy-in from all employees. People are almost always an organization's weakest link.
- CEOs and board members no longer have plausible deniability. Cyber risk incidents regularly make headlines. "I had no idea this could happen ..." is not an excuse that will be accepted by shareholders, customers and regulators.
- Cyber attacks on your supply chain are your problem. Your business partners have your marketing data, business information, or intellectual property. Consider this carefully when choosing those vendors and supplies, and protect yourself through your contracts.
- Small and mid-size companies that ignore cyber security are at great risk. Small and mid-size companies rely heavily on their "Crown Jewels." Those Crown Jewels are what cyber attackers are after.
- Cyber insurance can be a valuable tool, but… You might be surprised at what will not be covered.
- Government is engaged at all levels and wants to help.Companies and government will soon share information at an unprecedented level. If done right, that will mitigate risk. If done wrong, it may backfire.
Briggs and Morgan Privacy and Data Security attorneys can help you navigate these issues.