In the face of 2017’s unprecedented, global ransomware attacks, the business community is approaching a new world of regulatory requirements, including the EU’s GDPR. Now, more local initiatives are beginning to crop up.
For example, the states of Delaware and Maryland both recently passed new laws requiring businesses to alert state residents affected by a data breach within a certain timeframe, and to notify the state attorney general if more than 500 residents are affected.
Now, many firms will probably opt for a less burdensome course of action: ignoring new regulations and installing legal safeguards against possible lawsuits. At the same time, the growing industry of cyberinsurance offers the additional hope of backstop financial protection against cyberattacks. However, neither of these options amounts to a comprehensive data security posture, leaving firms wide open to attack. Cyberinsurance providers are therefore likely to factor compliance risk into their premiums, which could amount to a spike in coverage costs for insured firms.
Kurt Long, CEO of the Florida-based data protection firm FairWarning, shared with Inside Counsel why law firms need to avoid the temptation of short-term thinking and simplistic solutions to take back control of their data.