Security Liability in an ‘Assume Breach’ World
Dark Reading – Raymond Pompon
The recent F5 and Ponemon report “The Evolving Role of CISOs and their Importance to the Business” found that:
• 19% of CISOs report all breaches to the CEO/Board
• 46% of CISOs report only material breaches
• 35% do not report breaches at all.
So why are CISOs reluctant to report a breach? It seems that every high-profile breach is followed by the cleaning out of the C-suite. From Equifax to Uber, a breach means those in charge of cybersecurity are sent off in search of new employment. In general, the law states that organizations must use “commercially reasonable” methods to secure access to the data they collect and process about their employees, customers and, in the case of hosting/outsourcing organizations, their customer’s customers. There are plenty of standards to measure what is commercially reasonable, such as those published by the National Institute of Standards as well as commercial standards, such as the Payment Card Data Security Standard (PCI-DSS), which also introduces contractual liability if standards are not met.
Link: https://www.darkreading.com/partner-perspectives/f5/security-liability-in-an-assume-breach-world/a/d-id/1331100