The current cyberrisk landscape comprises a range of evolving threats, from phishing schemes to third-party vendor vulnerabilities. Companies looking to secure valuable assets, including data, can better prevent and manage cyberattacks by consistently assessing these threats and any potential weaknesses, starting with taking into account the below considerations.
- Is your company’s cyberrisk being managed by the appropriate risk assessment and management programs?
- Where is your company with respect to developing and communicating internal controls, policies, procedures, and standards?
- Does your company have controls in place to restrict, manage, and monitor authorized access to the network?
- Is there ongoing training in place to help prevent and detect cyberattacks against your organization?
- Are you able to effectively manage the unique risks involved to mitigate the potential loss of company information maintained by third parties?
- How strong is your governance and management of cyberrisk?
- Have you properly addressed disclosure and notification requirements and unique jurisdiction issues?
- Are you prepared to address unique requirements such as a mandatory written information security program, disposal standards, or a New York State Department of Financial Services annual certification requirement?
- Does your company have insider trading controls in place to address issues after a cyber matter is discovered?
- Is your company conducting legal review of key phases of its cybersecurity and privacy program?
Learn More
If you are interested in Cyberinsurance: Is Your Company Covered?, as part of our Technology Marathon 2023, we invite you to subscribe to Morgan Lewis publications to receive updates on trends, legal developments, and other relevant areas.