Although movies and newspapers would have us believe that cyber risk only has a negative side, I’ve experienced that managing cyber risk well is a huge business differentiator.
For example, if you are a B2B company, and you make cyber risk management a priority, you will be prepared for the questionnaires coming from your customers about supply chain risk. Making cyber risk management a priority will also help you should a regulator or litigator take interest in how you handled the cyber attack that came out of nowhere.
And, if both you and a competitor are cyber-attacked, but you stay in business and your competitor closes their doors for a week or more, what a great situation for you! By the way, that’s actually happened. Read about how DHL gained new customers from FedEx’s stumble in 2017 by clicking here.
Creating a Cyber Risk Story
Nobody can avoid cyber risk altogether so you must manage it. What that means is you’ve got to have a great cyber risk story. Should something go bad, and you end up in front of a regulator, you’ve got to have a compelling case, a great story backed up with evidence, to tell about why you were not negligent, even though something bad happened.
One of the reasons I work closely with Jake Bernstein, cybersecurity counsel at the law firm of Newman DuWors, is the risk of legal liability is so high with respect to cyber risk management. It is extremely wise to measure, score, and mitigate your cyber risks under attorney-client privilege.
A Powerful Shield
Jake and I have worked together to provide cyber risk advice and counsel to companies under attorney-client privilege. In an era of e-discovery, this is a very powerful shield that an executive can have over their cyber risk program.
Choosing to manage your cyber risk under attorney-client privilege provides you the protection to determine how much of your cyber risk management program you want to share should you find yourself in front of a regulator or a court.
To learn more about this topic, be sure to listen to our podcast.