In my Compliance Week column this month, entitled “Transforming the Cybersecurity Paradigm,” I write about the new paradigm for cybersecurity and provide some recommendations for how companies can get with the virtual program. Here is an excerpt:
“Today’s cyber-security paradigm needs to shift dramatically. Conventional cybersecurity fortification and defense measures need to make way for EDRs; otherwise companies risk a sluggish, incomplete and piecemeal data breach investigation. Customized cyber-insurance policies, created by way of a reverse gap analysis, need to supplement general liability and property insurance coverage; otherwise, companies risk financial peril, even bankruptcy. And cyber-security departments need to reorganize data breach response under the purview of the GC; otherwise, given the post-data breach rush to the courthouse, companies risk a liability implosion. In short, today’s companies need to get with the virtual program. Philosophies of prevention and detection are no longer the master ethos of strong cyber-security. Doctrines of defend and respond have taken their place.”