Not exact matches
Companies will need to create an expectation among their
cybersecurity teams to identify and
report incidents much more quickly.
There are statutory obligations to
report — in Alberta and, soon, federally — if there's a
cybersecurity incident that presents a real risk of significant harm to an individual.
Organizations that have been the victim of a
cybersecurity incident may have a number of legal obligations to
report or disclose the
incident, not only to government but also to other organizations and individuals whose data might be involved.
This spring's
report documented a 10 % increase in
cybersecurity incidents at US government agencies for a total of 77,183 (page 14).
Although Experian and TransUnion don't appear to be involved with the Equifax data breach, Lieu wants all of the credit
reporting companies to detail their
cybersecurity practices and what they are doing to prevent future
incidents.
On September 7, consumer credit
reporting agency Equifax announced it had experienced a
cybersecurity incident potentially impacting 143 million Americans — nearly half the country.
TaskRabbit: The handyman - for - hire app owned by Ikea is investigating a «
cybersecurity incident,» and it temporarily took down its website and app, The Wall Street Journal
reports.
MAPPING K12 CYBERATTACKS: The K - 12 Cyber
Incident Map @K12CyberMap is «a visualization of
cybersecurity - related
incidents reported about U.S. K - 12 public schools and districts from 2016 to the present.»
«[T] he Commission believes that it is critical that public companies take all required actions to inform investors about material
cybersecurity risks and
incidents in a timely fashion,» the
report states, «including those companies that are subject to material
cybersecurity risks but may not yet have been the target of a cyber-attack.»
U.S. Department of Justice
Cybersecurity Unit, Best Practices for Victim Response and
Reporting of Cyber
Incidents (April 2015)
Nearly 50 % of general counsel say their role has expanded to incorporate planning for
cybersecurity incidents and responding to such attacks, according to a new Legal Week Intelligence
report.
Furthermore, in the context of
cybersecurity and outsourcing, the cost of a contractual breach can increase drastically depending on whether the
incident occurred in the context of a security breach and the associated
reporting requirements,» she writes.
The response plan must address (1) the internal processes for responding to a
Cybersecurity Event; (2) the goals of the
incident response plan; (3) the definition of clear roles, responsibilities and levels of decision - making authority; (4) external and internal communications and information sharing; (5) remediation of any identified weaknesses in Information Systems and associated controls; (6) documentation and
reporting regarding
Cybersecurity Events and related
incident response activities; and (7) the evaluation and revision of the
incident response plan following a
Cybersecurity Event.