Given that cyberattacks continue to be sophisticated and severe, and cybersecurity continues to be a top concern for regulators, consumers, business partners, and investors, companies should be proactive and devote adequate resources to their security practices and incident response. In addition to the litigation and reputational risks that companies face if they are perceived as having inadequate security practices, regulators are imposing significant fines for data breaches, increasingly calling for greater board oversight of cybersecurity, and holding top officials personally liable for allegedly lax security practices. So, based on regulator activities from 2022, what are the top considerations for board members and businesses when it comes to cybersecurity in 2023?
- Notify appropriate parties of breaches. In its 2022 case against CafePress, the FTC took issue with the company for allegedly covering up a data breach. The FTC’s complaint alleged that the company did not properly investigate the breach for months, although it had been notified that consumers’ personal information was posted for sale online, and that, while the company asked customers to reset passwords,…