Companies Need Cybersecurity Revamp to Comply with New Norms


Every few days, a data breach at a prominent company makes the headlines. Meanwhile, hackers are finding it easy to breach data networks using new hacking methods. This prompts businesses across the globe to think about ‘reasonable’ security. It is also pertinent for them to understand its implementation in the event of a security breach.

The meaning of ‘reasonable security’ is both highly technical and vague. It also depends on the industry and audience. Regulatory bodies do not want to limit themselves to a sector-specific definition of ‘reasonable’ security.

As the number of cybersecurity breaches and data theft incidents rises, regulators and lawmakers have come up with new guidelines and legislation. Companies must follow these rules to maintain a threshold of cybersecurity that keeps them at a safe distance from such cyberattacks. Regardless of their origins, these new guidelines help set a benchmark for ‘reasonable’ cybersecurity measures.

New Laws with Broader Definitions to Improve Compliance

However, without a well-structured and coherent benchmark of care to reference, companies find it difficult to comply with cybersecurity laws. Also, guidelines often seem vague and ambiguous.

Several companies are investing heavily to enhance their cybersecurity. With high-end security systems in place, companies feel their data is protected. They also see this investment as a way to comply with the new rules. However, with data breach litigation increasing, this mode of compliance is emerging as risky: the companies are leaving it to a jury or judge to determine the robustness of the security system after the data breach. Companies need to conduct a complete review of their security systems and should not market themselves as ‘cyber-attack ready’ before doing so.

With the implementation of new laws such as the California Consumer Protection Act (CCPA) and the EU’s GDPR, the definitions of ‘reasonable security’ have become broader and now cover more requirements. This will help companies prepare better for compliance as well as for any potential cyber threat.