News & Insights

Regulators and Cybersecurity Leaders Advise Businesses on How to Prepare For A Major Attack and the Consequences of Failure to Act

On April 4, 2023, the office of Illinois Attorney General Kwame Raoul was joined by leaders in technology and law enforcement for a full-day symposium designed to inform CISOs, CTOs and CIOs on how best to protect their business from cyber threats. The day was a truly unique opportunity to hear one of the country’s most prominent data security regulators directly explain its expectations for companies and organizations that collect, store, and use customer and employee data.

A range of panels provided wide-ranging advice, from how to create a robust and dynamic cybersecurity plan, to how to ensure that your people are your most valuable cybersecurity asset, not your greatest liability.  They also emphasized the importance of regularly stress-testing your infrastructure with realistic table-top exercises including mock data breaches and complex simulations.

Specific advice to c-suite executives and board members included:

  • Ensuring that they implement endpoint detection and response tools and require multi-factor authentication to protect their networks.
  • Treating cybersecurity as a broad-based business concern, not a limited IT issue.
  • Limiting data collection to that required to serve a company’s mission and identifying and categorizing data based on its sensitivity and importance.
  • Tracking and paying attention to FTC and AG orders relating to security incidents experienced by other companies.

We have analyzed and distilled the information presented in the panels to provide a summary of what the nation’s foremost regulators of data security are looking for in their approach to data security incidents. Required reading BEFORE an AG comes calling—and they WILL if there is a data incident—this paper provides cybersecurity leaders—CTOs, CISOs, and CIOs—with information about the concrete things they can do to mitigate allegations that they failed to safeguard data or take appropriate steps to avoid the significant, concrete financial and reputational harms that would result from a breach.

Our white paper: ANTICIPATE, MITIGATE & COLLABORATE prepared by Ryan Bottegal, Hannah Cornett, Keturah Taylor and Emily Yu is available free upon request.