Why The Voluntary Cyber Standards Will Hold Weight

From: The Wall Street Journal/Morning Risk Report

Though the voluntary cybersecurity standards for so-called critical infrastructure firms haven’t been written yet, much criticism has already been lobbed their way. Love them or hate them, the often-missed point is that these voluntary standards will matter for businesses.

By Rachel Louise Ensign

The voluntary cybersecurity standards for “critical infrastructure firms” haven’t been written yet, but much criticism has already been lobbed their way.

Some industry insiders worry that these standards, a part of President Obama’s executive order on cybersecurity, may be too rigid or conflict with existing standards, Risk & Compliance Journal reported last month. But others say the measures in the executive order will not be enough to combat cyber risks, like the senior Obama administration official who called the order a “down payment” on cybersecurity legislation that will do more.

Love them or hate them, the often-missed point is that these voluntary standards will matter for businesses, and they may matter the most for those firms that don’t make an effort to comply. For one, companies that don’t meet these benchmarks and then have a cyber incident could be hit with litigation. “The voluntary standards will become a leading indicator for civil lawsuits that have a cyber component to them,” said Ahren Tryon, an attorney with Cozen O’Connor in Washington, D.C., who works with critical infrastructure firms. “[They’ll] essentially be a benchmark for what actions companies should take at a minimum to protect their customers.”

The benchmarks that make it into the voluntary standards could also turn up in future state standards modeled after the federal effort, said Tryon. The forthcoming benchmarks could also be used to gauge a company’s potential exposure to cyber risks for business purposes. A firm’s compliance with the voluntary standards could be looked at in the deals process or by insurance companies underwriting a cyber insurance policy for that company, Tryon said.

 
