California Reasonable Cyber Security Measures
In February 2016, California Attorney General Kamala D. Harris released a Data Breach Report analyzing the 657 data breaches that have been reported to her office since 2012, the year California began requiring businesses and government agencies to notify the Attorney General’s Office of breaches affecting more than 500 California residents.
After summarizing the impact of these data breaches, the California Attorney General’s office adopted the 20 specific controls set forth in the Center for Internet Security’s Critical Security Controls as what the state views as reasonable security practices.
These controls are commonly known as the SANS 20 Critical Security Controls, which represent the minimum level of information security that all organizations need to meet in California.
What is Reasonable Effort?
The Attorney General’s office has tried to clarify what constitutes “reasonable efforts” when it comes to protecting against cyber security breaches. According to the California Attorney General, meeting the controls does not necessarily provide complete cyber security, but failure to implement all 20 controls constitutes a lack of reasonable security practices.
The controls are prioritized from the greatest reduction of risk to the least, and each item is listed sequentially, so that a higher-priority vulnerability must be addressed before moving on to a lower-risk vulnerability.
Does your business need Cyber Liability or Data Breach Insurance?
Most business owners understand that the personally identifiable customer information they have on their computers is a target for hackers and that their online presence leaves them open to liability claims. However, far fewer take the necessary measures to protect their business.
Examples of businesses that could benefit from cyber liability or data breach insurance include those with a network on which all employees save data and those that keep customer or patient records, such as medical histories and credit card, bank account and Social Security numbers, in their databases.
What is Cyber Liability / Data Breach Insurance?
Data breach insurance and cyber liability insurance help cover the costs of a data security breach, such as identity protection solutions, public relations, legal fees, liability and more, depending on the coverage you choose. You want data breach coverage in place because quick action is critical to help restore the public’s confidence if your business is victimized by a cyber-attack.
To mitigate the risk of civil litigation and other penalties when a data loss or theft occurs, a cyber liability or data breach insurance policy can provide access to professional assistance to help businesses comply with applicable laws and regulations.