Will New Cybersecurity Regulations Impact Your Bottom Line?

May 16, 2016 8:31:33 AM / by Bob Mitchell

As the United States approaches the Presidential election this November, there will be more security threats, including an increase in misinformation perpetrated across social media, targeted attacks against voter information and election systems, and an overall lack of active engagement or understanding of cybersecurity risks by executive leaders.

With the growth in cybersecurity risk, what’s a CEO to do to protect his organization? And how may new cybersecurity regulations affect the organization and its bottom line?

Lead up to elections

Leading up to the November presidential elections, experts predict there will be an increase in database attacks on voter information. Recently, CSO Online’s Salted Hash reported that 18 million voter records were exposed in a database error.

With more than 70 percent of adults on social media in 2014, the Pew Research Center says there’s a concern that social media will proliferate misinformation to the public. And with more people getting their news from social media, there’s additional risk of misleading information making it into the public discourse. Some experts predict that social media will overtake traditional news as the place where people get their news. According to the Pew Research Center, people are increasingly getting their news from social media, and often those sites aren’t reliable sources of information.

Making cybersecurity a priority

While the number of targeted cyberattacks increases, cybersecurity is probably not at the forefront of strategic objectives for most executives, though its priority may change. Often executives delegate cybersecurity protection and responsibility to others on their teams, including information security officers. However, a general lack of understanding of the risk cyberattacks pose is no longer an excuse, and more executives are paying closer attention to cybersecurity and its risk.

In a report by PricewaterhouseCoopers, Cybersecurity: The New Business Priority, U.S. Security Leader Gary Loveland and Security Principal Mark Lobel say that having executives who are actively involved in cybersecurity rather than merely reacting to it is something all businesses must consider. Now. Today. Not tomorrow.

Companies, and their leaders, must take a strong cybersecurity stance.

And such a cybersecurity stance is not something that only the CEO needs to be concerned with. Pressure is increasing on organizations’ boards of directors as well.

According to a recent AT&T Cybersecurity Insights report, CEOs should be asking these tough cybersecurity questions: Is the board of directors actively engaged in cybersecurity? When was the last risk assessment performed? Why might an organization be the target of a cyberattack? What data is leaving the company? And, if it is exiting, how is it being secured? Has executive leadership provided the security organization with all of the tools and resources it needs to prevent a security attack?

Often board members lack the necessary knowledge or basic understanding of cybersecurity, yet they are being called upon more often to establish and maintain high standards for management of cyber risk and to respond to questions from government officials, regulators, shareholders, and lawyers, many of whom are now eager to expand class action lawsuits against individuals who have been harmed by a cyberattack against an organization, according to The Risky Business of Cybersecurity, published in November 2014 by The Harvard Law School Forum on Corporate Governance and Financial Regulation.

Increased regulatory effect

The report notes that United States regulators expect a level of protection for public interest in corporate cybersecurity and are taking steps that encourage businesses to enhance their cybersecurity preparations through more regulation.

Securities and Exchange Commission (SEC) Commissioner Luis A. Aguilar said earlier this year that the Commission urgently needs to address cybersecurity, including, “[the] capital markets and their critical participants, including public companies, [who] are under a continuous and serious threat of cyberattack,” a threat that cannot be ignored.

As cybersecurity threats grow more pervasive, managing the risk and threats is a top agenda item for business leaders. Organizations want different strategic and tactical ways to address cybersecurity, including insight into intelligence on possible threats and the ability to tackle risks. In addition to this intelligence, organizations also want the ability to broadcast this information to their partners, according to the PricewaterhouseCoopers Global State of Information Security Survey 2016.

Companies, and their leaders, must take a strong cybersecurity stance. It’s important to their organization, and their bottom line.


 


Written by Bob Mitchell

Mr. Mitchell is an experienced technology journalist, managing editor, freelance writer, and marketing communications professional. He served as managing editor of ADVANCE for Health Information Executives until it met its untimely demise in 2010. He writes for his personal blog C-Cookies, where he continues his passion for writing about topics at the intersection of IT and health care.