5 Preliminary Elements of Cyber Security Risk Assessment
Between 2012 and 2014, the number of companies in the US hit by cyber security breaches doubled. There is now a common expression in the information security industry: “There are only two types of companies: those that know they’ve been compromised, and those that don’t know.” What is interesting about malware cyber attacks is that few attack are targeted at a specific company. Rather, 90% of malware is hovering around the internet programmed to attach to unprotected persons and businesses. More than 317 million new pieces of malware -- computer viruses or other malicious software -- were created last year. That means nearly one million new threats were released each day. (CNN Money, April 14, 2015). From a practical standpoint this means is that small and large businesses are equally likely to suffer an attack. Companies can, and should, take steps to assess, monitor, and protect themselves from cyber security breaches. Failure to do so can result in devastating financial damages to the company and its clients. The board of directors and officers of companies have a duty to the company and shareholders that they serve. With the significant uptick in high profile cyber security breaches, officers and the directors can no longer play naïve to the risks of data breaches. A lack of oversight and management of cyber security risks can result in members of the company’s board of directors and officers being found personally liable for damages. The following is a general overview of 5 main areas that a company should assess related to its cyber security protocols and procedures.
1. Data Management Risk
2. Technical Risk
3. Contractual Risk:
4. Employee Risk
5. Track Record/ Past Risks
As the number and frequency of cyber attacks continue to rise, companies must remain diligent and continually monitor and improve their cyber security protections. Officers and directors who underestimate or overlook cyber security threats face the potential of personal liability for company damages. In future blog posts we will continue to explore this ever increasing business and legal risk.
The attorneys at MLMW are experienced in working with clients on cyber security related issues including in litigation, employment contracts, transactions, and mergers and acquisitions. We also work regularly with specialized IT cyber security firms. Please contact us if you would like to speak more about your company’s cyber security issues.
(Mallon Lonnquist Morris & Watrous, PLLC, is a business, employment, real estate, and litigation law firm. Craig T. Watrous is a Colorado business attorney with MLMW, based in Denver, Colorado. Craig regularly represents clients on cyber security matters. Craig can be reached at firstname.lastname@example.org and (303) 722-2165)