As SEC regulations expand to require more processes for protecting our increasingly connected, IoT-based enterprises from what has become one of the greatest threats to economic prosperity and personal privacy in the modern era, so too must the skill set of the Chief Compliance Officer expand to include new areas of focus and competence. Your company’s approach to cyber security is no longer the sole responsibility of the CIO, CISO, or CTO; it calls for a close working relationship between the head of technology and the head of compliance, so that meaningful standards for cyber security posture permeate the whole company.
This new paradigm, which places cyber security compliance under the purview of both the Technology and Compliance teams, requires your company’s legal and compliance leadership to establish a common understanding of the legal implications of cyber risk, so that cyber strategy can be set in partnership with each other and with the other key stakeholders in the organization.
In an article entitled “How the Chief Compliance Officer role is transforming across Financial Services”, the consulting firm Russell Reynolds Associates projects a global movement toward new responsibilities within the CCO role, predicting that “we expect cyber security to become a separate center of competence within the compliance function.” In a clear warning delivered during a panel discussion on cyber risk management, Suzanne Spaulding, former Under Secretary at the Department of Homeland Security responsible for cyber security, stated: “This is a risk management challenge, and all of us know how to do risk management - you do it every day... Do not shove it to the IT Department.” The industry expectation has changed: your role now includes a high level of competence in strategizing approaches to cyber security and risk assessment, a responsibility that should not be underestimated.
While it is now clear that the time you spend working side by side with the technology department on cyber risk will increase, your company’s legal exposure in the face of ever-evolving attacker techniques is difficult to forecast. As Assistant Professor of Cybersecurity Law Jeff Kosseff notes in the Iowa Law Review, across the 136 pages of the Cybersecurity Act of 2015, “The statute fails to provide a concrete definition that sets forth the scope and goals of cybersecurity law”. And yet, despite this lack of clarity about the extent of obligations in the ever-expanding fabric of cyber security, the hundreds of millions of dollars in customer reparations paid by companies that have fallen victim to cyber attacks in the last ten years are proof that your legal exposure is wide-ranging.
With no end in sight to the lengths to which attackers will go to breach systems, and with no law swift enough to get ahead of the curve, how do we analyze and assess risk in compliance with regulation without exposing ourselves to new legal challenges never before imagined, without opening Pandora’s box? The answer requires a delicate, deliberate balancing act: meeting the requirements currently in force while adopting a forward-looking attitude that keeps pace with growth in both company profit and vulnerabilities. We must brace for what cyber security panelists cited by the American Bar Association have called “unavoidable” liability. The ABA explains that this liability can be addressed only through “negotiating a complex landscape involving international, domestic and even state-level digital regulatory issues, governmental crackdowns on online privacy, liability issues in the event of a data breach and even employee rights”. Add to this the trust, rights, and vulnerabilities of vendors and customers, and we arrive close to a full tally of the assets that fall within your company’s legal scope.
How Maxxsure Can Help
Only a tool that is agile enough to keep up with growth in your company and your environment, that can organize that knowledge in a meaningful way, and that can offer solutions for mitigating, quantifying, and transferring risk with readable metrics can help you drive your company forward in this market of “unavoidable” liabilities. Maxxsure provides up-to-the-minute reporting to help you anticipate new liabilities and manage risk through mitigation and transfer. Maxxsure offers the M-Score™ tool, which quantifies cyber security risk (Likelihood × Impact) on a scale from 0 to 1000 based on governance standards; industry, organizational, and situational factors; and application and infrastructure vulnerability. These tools give leadership a consistent barometer of cyber security risk, with the transparency needed to analyze and strategize your risk posture through proactive management, monitoring, remediation, and transfer. By providing clear metrics that translate readily into both technical and non-technical actions, Maxxsure reduces the risk of loss, helping your company innovate and grow while staying in compliance and ahead of the regulations to come.