Written by: Randall J. Krause, Esq., CIPP/US
At ACI’s Cyber & Data Risk Insurance conference held on March 24, 2014, representatives from five (5) state attorneys general offices (AGs)* sent a message to organizations throughout the United States. They had been asked to address the following question: “What are the top 5 messages that you want to send to companies across the country?” Their responses, along with some additional explanation, are the subject of this article.
In short, the AGs’ top 5 messages are (1) everyone is vulnerable to data breaches; (2) as a “steward” of sensitive data, you must be proactive in your efforts to protect it; (3) dispose of sensitive data properly and/or don’t collect it in the first place; (4) employee training and monitoring regarding cyber and data risks are critical; and (5) encryption is a basic “reasonable measure” to safeguard sensitive data*.
As privacy professionals often say, when it comes to whether your organization will experience a data breach, “the question is not if, but when.” According to the PandaLabs 2013 Annual Report, 20% of all malware that has ever existed was created in 2013, with 31.53% of computers around the world being infected. In early 2013, the Ponemon Institute reported that, in its survey of small businesses throughout the United States, 55% of those responding reported having had a data breach (almost all involving electronic records), and 53 % reported having had multiple breaches. Continue reading Cyber Liability – A Message from the Attorneys General