The term "reasonable cybersecurity" gets batted around all the time.
And we know that if you have it, it can help limit liability and damages after a breach.
But what, exactly, is the standard for reasonable cybersecurity? What does that look like or feel like within an organization? And how do courts and counsel see it?
We interviewed nationally known cybersecurity and data privacy attorney Shawn Tuma, of Spencer Fane, LLP at SecureWorld Dallas. Here's what he says organizations should be aiming for in 2018.
Watch the video for the complete interview, however, here are some of his key points:
"Reasonableness is defined by your company itself, and that's where you have to start, with a risk assessment. You have to prioritize it and implement a plan. No one can do everything at once, and no one expects that. And when you can show you've done those things and you've made legitimate efforts to combat the risk your company faces, then even when you do have an incident, it makes you look so much better in the eyes of the regulators, the judges, and the attorneys."
This is his high-level answer to what reasonable cybersecurity looks like and how it can limit liability after a cyber incident.
Tuma also shared a number of specifics. More on that in part two of our conversation with him, on steps toward reasonable cybersecurity.
