In the face of this complex transformation and hazardous threat environment, companies and cyber professionals face another kind of risk – mounting litigation exposure resulting from muddled, conflicting, and confusing cyber liability standards, lawsuits, and new regulations. It is incredibly unfair to levy legal complaints against the individuals and stakeholders engaging in well-established, federally cited best-practices during cyber incidents, especially the kinds of extremely sophisticated attacks promulgated by foreign adversaries and against which even the U.S. government has struggled.

To meet the challenges and embrace the opportunities of the digital frontier, we need to protect and expand the cyber community, ensure cyber regulations and requirements are harmonized, and push for changes that guarantee stakeholders acting in good faith and abiding by a clear set of cyber governance and risk-management best practices have certain basic liability protections under the law.

We Need to Close the Cyber Workforce Gap

According to the latest ISC2 Cybersecurity Workforce Study, closing the gap between the number of workers needed and qualified experts available would require nearly doubling the current ranks among cyber professionals. However, 75% of those surveyed view the current threat landscape as the most challenging they have seen, and multiple headwinds are hindering efforts to scale the cybersecurity workforce.  With mounting personal liability claims on the rise, many professionals are rethinking their career and considering leaving the cyber workforce all together.

Cybersecurity Must be an Enterprise-Wide Effort

Given the nature of the risks and shortage of expertise, the responsibility for security cannot be expected to fall on one actors’ shoulders alone. Cybersecurity has moved well beyond the IT Department and must be considered as essential enterprise risk management owned by the board.

Principles-Based Cyber Governance Standards & Liability Protections

In a volatile, high-risk environment, the flurry of disjointed cyber regulations and mounting litigation claims have unleashed a torrent of new risks for business. Unilateral actions by independent government agencies, legal complaints targeting victims, and naming and shaming cyber professionals have all served to shift the regulatory landscape and depress the market.  The result is a muddied liability landscape that threatens to reverse decades of progress in private-public cooperation. Robust public-private partnerships built on trust and reinforced by consistent laws and regulations, aligned to best practices, must be the new national imperative.

To become a member of the Alliance, share your story, and receive regular updates please fill out the contact form.