By James Normand, Security Analyst
Ensuring the security of data and computer systems is an ongoing battle for all businesses operating in the digital age. The stakes have always been high, with a company’s reputation and financial stability on the line. Over the past few years, large data breaches have affected healthcare companies, financial institutions, governmental agencies, and many others.
Regulators and government officials continue to evaluate how best to hold companies and their personnel accountable for their decisions relating to cybersecurity breaches. Financial penalties are on the rise as the cost of cybercrime in 2024 is projected to reach $9.4 trillion. Recently, there has been a shift towards potentially holding high-ranking decision makers personally responsible for cybersecurity lapses.
Political pressure from the U.S. Senate may lead to holding CEOs and board of directors personnel accountable for security breaches due to perceived negligence. More specifically, Senator Ron Wyden has asked the SEC and FTC to hold UnitedHealth Group (UHG) responsible for the “…substantial harm to consumers, investors, the healthcare industry and U.S. national security.” Senator Wyden cites UHG’s failure to adopt industry-standard security practices as well as its CISO’s lack of prior cybersecurity experience as evidence that high-ranking UHG personnel should be held accountable for the cyberattack. [1]
Financial penalties are on the rise as New York State Attorney General Letitia James collects $350,000 in penalties from Personal Touch. In a press release dated October 18, 2023, Attorney General James stated that poor data security led to the compromise of over 300,000 New Yorkers’ personal and medical information. Among many other security breaches in recent years, AG James reports that in early October 2023 a multistate coalition secured $49.5 million from cloud company Blackbaud for a breach that impacted thousands of nonprofit organizations. [2]
It is more important than ever for businesses in all industries to have experienced cybersecurity professionals and adequate operating controls. Regulatory requirements are constantly evolving to match the ever-changing digital landscape. If you have questions regarding your organization’s cybersecurity posture, or if you’d like to discuss any FoxPointe offerings, including but not limited to financial institution IT audits, vCISO services, SOC reporting, PCI compliance, and other personalized services, please don’t hesitate to reach out.
[1] https://www.bankinfosecurity.com/senator-urges-ftc-sec-to-investigate-uhgs-cyberattack-a-25384
[2] https://ag.ny.gov/press-release/2023/attorney-general-james-secures-350000-long-island-home-health-care-company