In House - The FindLaw Corporate Counsel Blog

In the Age of Cyber Criminals, Compliance Has Limitations

When entering a home back in the day, a burglar typically jimmied a door or broke in through a window.

If you were smart, you could protect your stuff with good locks or an alarm system. Today, however, thieves work in an entirely new world.

In the age of cyber criminals, your information is golden. The problem is, not even law-abiding companies can replace a stolen identity.

Compliance Is Not Enough

Corporations may comply with security standards, but nobody can return stolen information. That's the real cost of cybercrime.

Compliance doesn't mean security, says Kerry Bailey, chief executive officer at eSentire. The company provides managed protection, response and advisory services.

Writing for Forbes, Bailey explains that the problem traces back to the beginning of cybersecurity regulation. Banking regulations were designed to discourage insider trading, and compliance meant to document and investigate That does nothing to remedy stolen information.

"In cybersecurity, stolen data stays stolen," Bailey says. "It's difficult to make a customer whole again once their data falls into the hands of a criminal."

Cybersecurity Regulations

Lawmakers are trying to keep up with cybersecurity regulations, but can only go so far. FINRA, for example, released a cybersecurity report in December.

The regulations require banks to have secure logging systems, user access controls, encryption for data, annual reports and inventories of cyberattacks. But, Bailey says, companies must also see cybersecurity as a "fiduciary issue and executives must be accountable."

It would be like making a homeowner responsible for the contents of a house. You can just leave the door open and hope everything will be safe inside.

Related Resources: