What’s the best way to encourage companies to invest in cybersecurity: incentives, or penalties?
Up until now, the government and other regulatory bodies have largely relied on the former. But Connecticut is trying something new.
“What Connecticut is doing is considered to be a model for federal legislation that may come down the road,” says Luis Alvarez, CEO, Alvarez Technology Group. “It encourages companies who implement a certain level of cybersecurity protections to avoid fines and any sort of penalties if they get breached.”
Discover more about these incentives in this clip from Power Talk Radio:
This new legislation, named “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses,” will reward businesses that create, maintain, and follow a written cybersecurity program that includes what are considered to be necessary administrative, technical, and physical safeguards. The reward will be an exemption from the usual fines and punitive action in place in the event of a breach.
The idea is that, with these safeguards in place, a business will have done everything it could to prevent an attack and, as such, cannot be held responsible. Instead of relying on fines to scare companies into compliance, Connecticut will encourage them to invest in higher levels of cybersecurity. Implementing these safeguards will likely require the assistance of a Managed Security Services Provider (MSSP).
“Connecticut is taking the stance of incentivizing companies over penalizing them,” says Anthony Buonaspina (BSEE, BSCS, CPACC), CEO and Founder, LI Tech Advisors. “Basically they can attract (and protect) more companies with honey than with vinegar and allow companies to avoid large fines by simply enhancing their security and meeting all the necessary state-mandated security guidelines.”
The question you need to ask yourself is whether you can confidently manage cybersecurity on your own. The short answer is “maybe, but probably not,” especially for members of highly regulated industries like healthcare and financial services.
In theory, it's entirely possible that, if you've invested in the right technologies, and have the right skill set, you could handle cybersecurity for your business all on your own. You would find your vulnerabilities, manage your policies, monitor your alerts, and everything else that comes with operating a secure business IT environment.
If we’re being honest, however, that’s a big if. When it comes to protecting against the ongoing, evolving cybersecurity threats in play today, managing cybersecurity is, understandably, a tall order. For you to effectively fill the role of an MSSP, you would need…
For all these reasons, it’s recommended that business owners simply outsource their cybersecurity for complete management by an IT company they can rely on — these companies are also known as MSSPs. In fact, whereas nearly a quarter of businesses in the Enterprise Communications Survey have already moved to a managed security model, nearly 45% have plans to do so within the next year.
“I can see this as quickly causing a major uptick in companies reaching out to MSSPs to fill in the gaps and plug the holes in their IT security infrastructure,” says Anthony.
“My conversations with clients have always been that you NEED to improve your security to a certain level by building higher walls and wider moats; however, clients typically put off the expense and ‘hope for the best’,” says Anthony.
Cybersecurity investments are easy to put off for companies that haven’t suffered a major data breach. It can seem like an unnecessarily high expense, which is why many companies do the bare minimum and cross their fingers.
This isn’t a wise approach. Cybercrime is becoming more common and more dangerous with each year that passes.
“This now gives added reasons as to why they need to act as soon as possible to implement these basic protections – since the expenses needed to bolster security can now be looked at as an investment similar to cybersecurity insurance,” says Anthony. “By simply paying a little money now, you can avoid a large expense if and when a security breach occurs.”
The absolute biggest mistake companies make about cybersecurity insurance and cybersecurity, in general, is to assume that they don’t need it and that they are not a target. Or even worse, they think they are already protected, without taking any steps to ensure they are. You may have less than a hundred employees, but does that really mean you’re secure?
In 2020, the rate of cyberattacks grew 400% compared to the previous year — the fact is that a rising tide lifts all ships. As cybercrime becomes more prevalent, your organization becomes a more likely target, no matter its size.
Just consider the rate at which attacks are occurring…
“You are also going to see the need, like with the WCAG ADA accessibility compliance, for an MSSP to ‘certify’ that a company has met all the guidelines the state has put in place,” says Anthony. “I predict that many MSPs will pivot their business structure to become more of an MSSP.”
“I think this new type of ‘incentivizing businesses’ approach will quickly become the standard for many states,” says Anthony.
The fact is that, even if you deployed all the necessary cybersecurity technologies, invested in all the necessary tools and solutions, and did everything you could to protect your business, you’d still be missing one thing — cybersecurity expertise.
Does your staff have the skills and experience needed to keep you protected?
Cybersecurity expertise is in high demand these days. As cybercrime continues to grow, and as businesses become more and more digital in their operations, cybersecurity becomes a much more critical priority. However, there’s only so much cybersecurity talent available to hire.
When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals — LI Tech Advisors.
Don’t let your cybersecurity suffer, and don’t assume you have to handle it all on your own — LI Tech Advisors can help you assess your cybersecurity and develop a plan to protect your data.