A cyber breach can have serious legal, financial, and reputational consequences for a company, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at a company should take the lead to ensure that the company is taking appropriate actions to protect itself against cyber risks. There are several steps that senior management can guide the company to take to prevent breaches from occurring and to mitigate the impact when they do occur.

In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the statutory and regulatory framework governing cybersecurity. Cybersecurity breaches are unique in that an entity can both be the victim of the breach and still be found to have a degree of responsibility. Fortunately, there are precautionary measures that companies can implement to help prevent a breach and to mitigate the scope and damage of a breach if one were to occur. We will elaborate on the steps to take to guard against a breach and how to effectively respond to a breach in a forthcoming post.