From: Council on Foreign Relations
Pamela S. Passman
***
The Cost of Compliance
***
In many companies, security is dictated by responding to regulatory requirements rather than implementing an enterprise-wide, risk-based approach encompassing security strategy. In many U.S. healthcare IT departments, for example, significant resources are focused on HIPPA compliance at the expense of other important security gaps that need to be addressed.
The price for noncompliance is great. Companies are being fined for noncompliance to regulations by government agencies and sued by shareholders in an environment where the standards are evolving. For example, after hackers stole personal and credit card information of approximately 56 million Home Depot customers, a shareholder derivative suit in September 2015 followed more than forty four other civil suits by consumers and financial institutions. The suits allege the company breached its fiduciary duties of loyalty, good faith, and due care by failing to take reasonable measures to protect customer information.
A better approach
Leave a Reply