IT Security Guru

NYSE and Veracode Survey Reveals Cyber-Related Corporate Liability is Top of Mind for Boards and Executives

by The Gurus
November 10, 2015
in Editor's News

Veracode, a leader in protecting enterprises from today’s pervasive Web and mobile application threats, today issued findings from a joint NYSE Governance Services/Veracode survey of 276 board members revealing how cybersecurity-related corporate liability is being prioritised in the boardroom. Nine out of 10 of those surveyed believe regulators such as the Federal Trade Commission (FTC) should hold businesses liable for cyber breaches if due care has not been followed, and more than 50 percent expect investors to demand more transparency as a result of the increased public focus on cybersecurity liability.
Pressure is building for boards and management teams to be especially wary of any corporate behaviour that can impact their brand and erode shareholder value. In fact, according to Forrester, 88 percent of the S&P 500 market value consists of goodwill and intangible assets such as reputation, brand, innovation, processes, know-how and customer experience.[i] Further, security is now the second leading risk to a company’s brand – behind ethical issues and ahead of traditional risks related to safety, health, and the environment.[ii] It should come as little surprise that legal risk related to cybersecurity is a major concern for corporate directors, especially as businesses of all kinds increasingly rely on the digital domain to drive competitive differentiation and growth.
Threat of Legal Action Due to Breaches
The onslaught of high-profile cyberattacks is expected to lead to an increase in legal actions regarding who should be held liable in case of a breach. Three out of five respondents foresee an increase in shareholder lawsuits as a result of heightened corporate liability due to cybersecurity issues. Nearly 50 percent who knew of the FTC’s lawsuit against a major hotel chain said the case has influenced their executive discussions on cybersecurity liability. In the case, a Federal Appeals Court recently ruled that the FTC can pursue the defendant for failing to employ reasonable data security measures, such as using vulnerable out-of-date software.[iii]
Further, 90 percent of respondents feel third-party software providers should bear legal liability when vulnerabilities are found in their packaged software. This is particularly relevant because, according to Veracode’s 2015 State of Software Security Report, nearly three out of four enterprise applications produced by third-party software vendors contain vulnerabilities listed in the OWASP Top 10, an industry-standard security benchmark.
Preparing for Increased Cyber-Related Liability
Key questions raised by the survey highlight the debate needed to frame the liability issue. For example: When should a company be considered negligent in its processes—or lack thereof—for securing sensitive information? What constitutes ‘reasonable’ efforts to address vulnerabilities in web and mobile applications, libraries and frameworks, and other components in its digital infrastructure? Should companies be held liable for not finding a common and easily-found vulnerability such as SQL Injection? Is it a minimum ‘standard of due care’ to patch widely-known vulnerabilities such as Heartbleed, and should businesses be held liable for failing to do so?
While 94 percent of respondents have increased or are planning to increase their security assessments to address liability concerns, two-thirds of respondents say they have also begun or are planning to insert liability clauses into contracts with their third-party providers. Respondents also mentioned hiring outside consultants as well as ramping up security training. Many are also increasing audit committee and board-level oversight – a strategy that’s in line with expert recommendations to report on the business’s cybersecurity measures to the audit committee quarterly,[iv] and to the full board on a regular basis.
Is Cybersecurity Insurance the New Driver for Minimum Security Practices?
A majority of companies now have cybersecurity insurance—a market set to triple to about $7.5 billion in the next five years[v]—mainly to mitigate financial losses brought forth by liability claims. Of those with insurance, 35 percent currently insure against software coding and human errors that can lead to loss of sensitive data. While insurance is an important step in mitigating cyber risk, it is insufficient on its own to protect against the full impact of a breach, including brand damage and loss in shareholder value.
“Just as the evolution of fire insurance drove the creation and enforcement of minimum standards in the way buildings are constructed and protected, cyber liability insurance is set to soon create a new baseline for cybersecurity best practices,” said Sam King, chief strategy officer, Veracode. “As insurance providers tighten requirements for claims payouts, companies will be forced to meet a minimum standard of acceptable practices, thereby improving their overall security posture. Boards would be wise to hold their companies to account to focus on and understand their cybersecurity risk thereby setting an urgency around the issue to prevent brand damage and loss in shareholder value.”
The joint NYSE/Veracode white paper with more detailed statistics and conclusions from the survey can be found at https://info.veracode.com/whitepaper-nyse-cybersecurity-and-corporate-liability-in-the-boardroom.html. An infographic based on the findings can also be downloaded at https://www.veracode.com/blog/2015/11/cybersecurity-and-corporate-liability
Methodology
The NYSE-Veracode “Cybersecurity and Corporate Liability: The Board’s View” survey was conducted electronically over the course of four weeks in September and October 2015. All of the 276 respondents are board directors or senior executives of public companies.
[i] Forrester, 2015, https://www.forrester.com/Top+Security+And+Risk+Priorities+For+The+Business+Technology+Agenda/fulltext/-/E-RES115789
[ii] Deloitte, 2014 http://www2.deloitte.com/content/dam/Deloitte/global/Documents/Governance-Risk-Compliance/[email protected]%20survey%2
[iii] http://www.darkreading.com/perimeter/ruling-ftc-can-hold-wyndham-liable-for-data-breach/d/d-id/1321881
[iv] EY, 2012  http://www.ey.com/US/en/Issues/Governance-and-reporting/Audit-Committee/Cybersecurity—Considerations-for-the-audit-committee
[v] PwC, 2015 http://press.pwc.com/News-releases/cyber-insurance-market-set-to-reach–7.5-billion-by-2020/s/5CC3FA21-221C-43DF-A133-05435E365342
