Kim Peretti, partner at Alston & Bird
One trap that companies often fall into is looking at a business risk and thinking, “that can’t happen to us.” It’s an attitude that many have taken in relation to cyber attacks and data breaches, but a string of high profile disasters have brought the matter into clear focus for every business, and many are now playing catch-up in terms of devising a plan to deal with this growing threat.
“The biggest concern for companies, their boards and senior executives, is that being the victim of a cybersecurity event will make headlines for months or years,” says Kim Peretti, partner at Alston & Bird LLP. “There’s broad exposure for companies, board members may lose jobs. It’s now no longer a matter of if a company will be breached, but when, and in some cases, it’s not the breach itself but rather a company’s response that can land on the front page of the news.”
“From a legal standpoint, the risk exposure for a cyber-attack has continued to rapidly increase,” Peretti explains. “The risk profile presented by cyber-security incidents is increasingly more likely to result in financial losses, enforcement actions and lawsuits.” Regulators, from the Federal Trade Commission to the Securities and Exchange Commission to the Federal Communications Commission, the Food and Drug Administration, the Department of the Treasury and state attorneys general all have a growing interest in cybersecurity. This can be challenging for companies, working with officials that have different agendas and focus on specific aspects of risk.
Peretti emphasizes the fact that senior executives and members of the board have an important role to play in cybersecurity. “Boards are responsible for risk management and assessment, so they play an oversight role,” she says. “Senior management should know it’s not just an IT issue, it’s enterprise risk and needs to be handled as all other enterprise risks. The board and senior executives should be involved in a company strategy before and after a breach in an oversight role.”