High Stakes Cyber article

Companies Can be Liable for Failing to Maintain Adequate Cyber Security

Christine L. Peterson, CPP, ISP Compliance, Intellectual Property, News, Security Program Development


screenshot of article

How much customer data do you have? Is it secure?

If so, you should read High Stakes Cyber as published in Security Management.

In brief, the FTC can hold companies liable for failing to maintain adequate cybersecurity, even though the commission has not defined minimum cybersecurity standards through rules or regulations. Even in this case, the court did not articulate a minimum security standard.

This article starts with a lot of data, but it really hits its stride in the section titled “The Lessons”. For additional guidance, see the FTC guidebook Protecting Personal Information: A Guide for Business.

From the FTC press release: “The touchstone of the commission’s approach to data security is reasonableness: a company’s data security measures must be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Through its settlements, testimony, and public statements, the commission has made clear that it does not require perfect security; reasonable and appropriate security is a continuous process of assessing and addressing risks; there is no one-size-fits-all data security program; and the mere fact that a breach occurred does not mean that a company has violated the law.”

How much customer data do you have? Is it secure?


Plan. Protect. Prosper.

Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.

919-834-8584 or 800-775-8584