Cybersecurity Policies Should Include Associate Agreements

The dizzying pace of recent hacking attempts has prompted national attention. President Obama plans to enact rules allowing the military to respond to national cybersecurity threats. These rules come in the wake of a string of attacks on governments and private firms. Private firms are at high risk, especially when they rely on cloud computing and mobile devices. Their limited ability to address breaches makes this risk worse. Companies should set up procedures to prevent and deal with breaches. They should also consider cybersecurity insurance.

In prior years, many companies ignored the threat of a breach because of low risk in their field. However, hackers are now targeting new types of businesses. Thus, businesses of all types need to address these issues. Even companies with strong cybersecurity policies in place may be overlooking new trends. For example, experts have noted an increase in the number of attacks on consultants, accountants, and law firms. Companies should protect themselves against the risk of indirect attack by requiring that these firms follow certain cybersecurity policies.

© 2013 Parsonage Vandenack Williams LLC

For more information, contact

Should Your Company Consider A Cybersecurity Disclosure Policy?

Cybersecurity breaches represent a significant, rapidly growing risk to virtually all companies doing business today. Small companies are particularly prone to a variety of potential cybersecurity breaches, including loss of physical property, social engineering, malicious attacks, or breaches caused by employee conduct.  The consequences of these breaches can include increased costs, lost revenues, reputational damage, and litigation.  As a result, the Securities Exchange Commission has recently indicated that public companies must consider cybersecurity risks when disclosing risks to their investors.  While the SEC guidance primarily applies to public companies, private companies may also be subject to these requirements if they do business with public companies.

Given the growth of cybersecurity risks and breaches, many states have also acted to promote disclosure of cybersecurity issues. Currently, 46 states have enacted legislation that requires companies to notify customers if a cybersecurity issue compromises their personal information. The potential ramifications of cybersecurity risks may create liability not only for the company itself, but also for its board of directors and officers. Accordingly, companies should regularly review their policies relating to the disclosure of cybersecurity risks and incidents.

© 2012 Parsonage Vandenack Williams LLC

For more information, contact