Is my company vulnerable to cyberattacks like the recent Sony data breach?
We have all read the news reports about the recent hacking and data breaches at Sony Pictures, and while the story is interesting from a political perspective, from a corporate executive’s standpoint it raises some very important legal issues. Is my company vulnerable to cyberattacks like the recent Sony data breach?There are steps company executives can take to minimize the risk of a data breach or, in event of a hacking, to minimize their liability. These steps include:
  • Meet competitor security standards, at least. Network security needs to be a very high priority for every company. A business and its executives will be held to the “commercial reasonable standard,” which means your company’s network security will be compared to your competitors and that of similarly situated entities. So, find out what they are doing, and make sure that your network security is at least up to their standards.
  • Be aware of data security plans. Senior executives need to be fully involved and aware of their company’s plans to protect its data. This is not the type of issue that should delegated to mid-level management. The liability in the event of a data breach, from both a legal and reputational viewpoint, is just too high to delegate.
  • Have, share & verify your data security policies and procedures. All companies need to have security policies and procedures in place. Additionally, these strategies need to communicated to all employees, and most importantly they need to be followed. From an executive’s perspective, it is vital that there is periodic independent verification that your network security and policies are being followed. These types of reports, provided to senior management, will demonstrate that data security is a priority.
  • Consider cyberinsurance. Many large insurance companies offer different types of cyberinsurance. At a minimum, company leaders should consider buying it. Beyond the obvious benefit of having insurance to help pay for any damages that may arise from a data breach, there are other advantages: First, if the worst happens and there is a data breach, insurance companies most likely will have dealt with similar issues, and they can offer expertise and advice. Second, the fact that your company has cyberinsurance may be a selling point with your clients.
  • Plan for the hack. The worst time to come up with a plan to deal with a data breach is after it happens. Once the news breaks, it is too late. Executives are inundated with requests for help from employees, and questions from clients and the press. Additionally, depending on the nature of the business, there may be inquiries from governmental agencies and regulators. At this point, it is virtually impossible to put together a plan that not only deals with the company’s immediate needs, but also the long-term impact to the company and its executives. So, just like a company should have a disaster recovery plan, these days a company should also have a data breach plan.
Steven Boyne is a shareholder and a member of Gunster’s corporate law practice. He works out of the firm’s Jacksonville office. Image courtesy of Stuart Miles via FreeDigitalPhotos.net

Our attorneys keep clients in the know when it comes to how the law affects business. Read Gunster’s blog for timely and important updates on legal and business matters, straight from our attorneys to you.

Recent Posts

Popular Categories

Jump to Page

Gunster Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek