This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite. Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.
This week’s lead is an interesting article in the JD Supra Business Advisor newsletter from law firm Reed Smith … “Cybersecurity Oversight: What is a Board of Directors to Do?” It reports on the 35th Annual Ray Garrett Corporate and Securities Law Institute held at Northwestern Law School in Chicago. A panel discussed the board level responsibility to provide good cyber governance in a session titled Cybersecurity and Data Breach: The New Reality for Directors and Those Who Advise Them, and discussed best practices. We might also note that at the same program the SEC’s Chicago Regional Administrator, David Glockner, while discussing the SEC’s enforcement agenda in 2015, stated that companies should anticipate a stepped-up level of SEC cybersecurity enforcement actions.
Continuing down the regulatory road, the Federal Financial Institutions Examination Council (FFIEC) has given community banks additional guidance on its 2015 cybersecurity assessment program. FFIEC’s top priority for 2015 is the development and issuance of a self-assessment tool that financial institutions can use to evaluate their readiness to identify, mitigate and respond to cyber threats.
The health care insurance industry continues to reel from a series of successful data breaches. Last week, Care First Blue Cross Blue Shield announced that hackers had obtained the PII of over a million Care First customers. The announcement comes on the heels on similarly successful attacks at Anthem Insurance and Premera Blue Cross.
One of the major concerns associated with these breaches is the number of children whose personal information is being stolen. It is particularly troubling when children are the victims. Their personal information demands the highest premium for identity thieves since their credit is rarely monitored —and the consequence of its loss may not be realized for many years. The Hill reports that Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus, has introduced legislation to give parents the ability to create a protected, frozen credit file for their children.
Target’s woes stemming from its 2013 data breach continue. A proposed $19 million dollarsettlement with Mastercard Inc. fell apart when banks that issued the cards refused to go along with the settlement. Had the banks accepted the settlement they would have been required to forego further claims. Lawyers for the banks claim total losses exceed $160 million.
By Tom Davis, SDI
May 26, 2015