It's Not About the Money: Sony's Cyber Attack
The recent Sony Entertainment cyber attack over the movie release of the “The Interview” by North Korea brings to light a new form of cyber threat; one that isn’t motivated by some form of direct financial exploitation or gain but for political or idealistic reasons and the fact that it was executed by a foreign government is alarming. For Sony, the damage was really done with the release of damaging executive emails and the theft of sensitive employee data, which will have reputational and well a financial cost. The ultimate consequence of this could end in the board room.
While cyber-related directors and officers liability claims are rare, this potential emerging threat could likely change that in the future. Publicly traded companies could face securities class action lawsuits when network systems are compromised that results in long-term stock price drop. As a result of these attacks companies are focusing ever greater resources on mitigating as well as responding to cyber-attacks and data breaches. The government is so concerned about cyber security that President Obama actually commented on the Sony cyber-attack and in early 2013 issued an executive order to strengthen the U.S. cyber security framework.
In October 2013 the National Institute of Standards and Technology (NIST) proposed a cyber security framework for critical U.S. infrastructure and it looks like it will be at the top of Congress’s agenda in 2015 with bipartisan support for compromised legislation. This will be a significant change for businesses as they will be required to have cyber security protocols in place to protect sensitive data and systems, which up until now has been voluntary. Some business sectors already have existing processes in place and will be quick to adopt the new standards, sectors like electric utility, telecommunications and the financial. Questions? You can review the NIST framework on cyber security and contact an ‘A’ Team member.
ABOUT THE AUTHOR