The Expert Podcast

The big news in corporate governance is that cybersecurity is becoming an expected best practice. Whether you're on the board, a manager, or the owner of a small company, not having some form of cyber defense policy or procedure in place poses significant downside risks. This includes potential losses, liability, and negligence. Best practices are emerging, with discussions on Hacker News focusing on cyber insurance requirements. Compliance is essential for obtaining cyber liability insurance, involving securing logins and devices and vetting users.

Litigation can arise if best practices aren't followed, leading to potential liability claims from various parties beyond the company itself. Compliance issues highlight the importance of protecting privileged users and identifying all service accounts, which often perform critical tasks within an organization. Even seemingly insignificant devices can be targeted by threat actors due to their privileged access.

While cyber insurance is emphasized by government and industry groups, it's crucial, even without insurance, to implement these best practices to prevent hacks. The consequences of a hack can be severe, affecting revenue, accounts receivable, and customer relations. Private and public sector institutions alike face risks, with ransomware attacks targeting sensitive customer data and potentially leading to legal liability if proper precautions aren't taken.

To mitigate these risks, seeking advice from legal, tech, and insurance experts is essential to ensuring compliance and adequate risk coverage. Failing to adhere to best practices not only jeopardizes the company but also puts customers, vendors, and other stakeholders at unnecessary risk.