We Need Clear Cyber Risk Governance Standards & Liability Protections
Digital transformation has revolutionized the global marketplace, but with great promise comes a host of new threats and risks to manage. Those threats are evolving at an exponential rate, and with most Critical Infrastructure assets operating in the private sector, battle lines are blurred and constantly changing. As a result, American companies face a host of new threats by foreign adversaries actively seeking to undermine U.S. national and economic security.
In the face of this complex transformation and hazardous threat environment, companies and cyber professionals face another kind of risk – mounting litigation exposure resulting from muddled, conflicting, and confusing cyber liability standards, lawsuits, and new regulations. It is incredibly unfair to levy legal complaints against the individuals and stakeholders engaging in well-established, federally cited best practices during cyber incidents, especially the kinds of extremely sophisticated attacks perpetrated by foreign adversaries and against which even the U.S. government has struggled.
To meet the challenges and embrace the opportunities of the digital frontier, we need to protect and expand the cyber community, ensure cyber regulations and requirements are harmonized, and push for changes that guarantee stakeholders acting in good faith and abiding by a clear set of cyber governance and risk-management best practices have certain basic liability protections under the law.
We Need to Close the Cyber Workforce Gap
According to the latest ISC2 Cybersecurity Workforce Study, closing the gap between the number of workers needed and qualified experts available would require nearly doubling the current ranks among cyber professionals. However, 75% of those surveyed view the current threat landscape as the most challenging they have seen, and multiple headwinds are hindering efforts to scale the cybersecurity workforce. With personal liability claims on the rise, many professionals are rethinking their careers and considering leaving the cyber workforce altogether.
Cybersecurity Must be an Enterprise-Wide Effort
Given the nature of the risks and shortage of expertise, the responsibility for security cannot be expected to fall on one actor's shoulders alone. Cybersecurity has moved well beyond the IT Department and must be considered as essential enterprise risk management owned by the board.
Principles-Based Cyber Governance Standards & Liability Protections
In a volatile, high-risk environment, the flurry of disjointed cyber regulations and mounting litigation claims have unleashed a torrent of new risks for business. Unilateral actions by independent government agencies, legal complaints targeting victims, and naming and shaming cyber professionals have all served to shift the regulatory landscape and depress the market. The result is a muddied liability landscape that threatens to reverse decades of progress in private-public cooperation. Robust public-private partnerships built on trust and reinforced by consistent laws and regulations, aligned to best practices, must be the new national imperative.
Our Mission
The Cyber Governance Alliance is a coalition of experienced cyber professionals representing stakeholders throughout the Critical Infrastructure ecosystem and is committed to proactive solutions that protect and empower the cyber community. When nation-states attack, enterprises can easily become victims, even if they have defended themselves responsibly. As a result, we are fighting for principles-based cyber governance solutions and ensuring that individuals and entities acting in good faith are guaranteed liability protections.
About Us
Emily Elaine Coyle
President and Founder, Cyber Governance Alliance
Ms. Coyle has over 25 years of experience working and lobbying on corporate governance, cybersecurity, and consumer privacy policy – including her time as a staff-designee to the House Financial Services Committee, the near decade in her role as co-founder and co-lead of the Cyber Policy Engagement Program at EY, and her stint as head of cyber policy for a major tech firm. She brings a unique understanding of this complex issue, the policymakers, stakeholders, and the processes necessary to generate results.
What We Stand For
Principles-based cyber governance solutions, flexible enough to allow for innovation
Harmonized regulation and liability standards aligned to cyber best practices
Board-level commitment to cybersecurity and enterprise-wide cyber risk management
Protecting and growing the cyber workforce
Limitations on liability for individuals and entities acting in good faith
Coordinated vulnerability disclosure
Join The Coalition
To become a member of the Alliance, share your story, and receive regular updates, please fill out the contact form.