A recent white paper from the cyber security team at Kroll says organizations cannot focus on regulatory requirements alone in shaping their security programs. “Opinion and expectations are shifting; accountability for actions or inactions related to personal data is taking on a whole new dimension . . . . What remains to be seen is whether organizations change the way data breaches are managed in order to head off consumer backlash, punitive costs and reputational damage . . . . Organizations must look beyond compliance fulfillment to effectively mitigate the risks associated with an individual breach and, if applicable, to break the cycle of ineffective breach response . . . . While it is true that breach response is fundamentally about making regulatory and budgetary decisions, this viewpoint tends to lead organizations to artificially limit their response to a very narrow aspect of a breach (i.e., notifying affected or concerned parties as required by law). To consistently ensure the organization reaches its most defensible position against negative effects of a breach, it is vital to define, compare, measure and predict the factors involved, as well as review all solutions that are available.”
Jennifer Rothstein, Kroll’s Director of Insurance Channel Management, is one of the chairs of this year’s NetDiligence Cyber Risk & Privacy Liability Forum, which takes place June 12-13 in Philadelphia. Register while there is still time and space!