Cybersecurity growing threat to small businesses, AU expert says

Rebekah Lewis, deputy director of American University’s Kogod Cybersecurity Governance Center, joins Jonathan Aberman, host of What’s Working in Washington...

Large and small business are worried about cybersecurity “though many people don’t know what to do,” said Rebekah Lewis, deputy director of American University’s Kogod Cybersecurity Governance Center.

When businesses get hacked and lose customers’ personal data, boards and owners “can come under fire” from both customers and shareholders, said Jonathan Aberman, host of What’s Working in Washington.

Customers of multiple companies, finding themselves victims of hacks, have organized class action lawsuits for compensation. Since company operators are legally obligated to do a good job, shareholders have also filed derivative suits as a result of similar hacks.

“None of those have yet been successful,” she said, but it’s only a matter of time. Over time, “the potential for those claims to be successful will increase.”

Yahoo recently disclosed that in 2013 an attack revealed passwords, personal information and security questions from over a billion accounts. Due to this, Lewis said there are “multiple senators calling for investigation of the company, which will lead to a closer look at the activities of the board,” as well as Yahoo’s senior officers.

“I think we’re going to see corporate leaders be held accountable,” Lewis said.

The company was recently under watch for purchase by telecom giant Verizon, and with the recent disclosure, Verizon has demanded a renegotiation of the deal’s terms. “If Verizon decides to go ahead with this deal,” Lewis said, “there’ll be a question of, you know, what was the prudence of that decision, to move forward, given all these security concerns.”

Even without being the victim of a hack, tight cybersecurity is becoming more important for companies if they don’t want to be held liable. Recently, the Consumer Financial Protection Bureau brought a suit “against a company where there was no breach, it was simply for their failure to properly notify and properly secure data,” said Lewis.

“Even when there isn’t some really big incident, I think companies need to be worrying about this,” she said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.