With potentially 70 million effected by the recent Target data breach, the US government thinks it’s time to talk about the elephant in the room for the tech world: Cybersecurity protocol.
Earlier this week, the government released the new US cybersecurity “framework”, the creation of which was mandate by president Obama through an executive order earlier this year. The framework was drafted by the National Institute of Standards and Technology.
You can access the document here if you’re really curious. If you’re reading this blog, however, it’s likely not worth your time…for now, that is. Why? The new framework mainly deals with technology companies working on a massive industrial scale, such as energy, financial services, communications companies…basically the 16 sectors the government has identified as critical to our infrastructure. This makes sense when looking at the tech world from a government viewpoint in a post-9/11 world.
While it’s clear that the government is taking a top-down approach at tackling these issues, the startup world won’t be far behind. Silicon Valley, though falling outside of that “critical infrastructure” zone, clearly plays a vital role in the economy of the country. Even if this document was targeted at the startup world, I still wouldn’t suggest taking a read. It was highly conceptual and lacking any clear path to action items…not really an enjoyable read for startup folks!
So what does the new cybersecurity document matter for startups? As the document gets expanded and implemented, deliverable goals will likely start to fall into place. Typically, documents like this will be met with some confusion at first, and as they wind their way through the court system after every related dispute, more and more clarity will begin to appear. It may take a while, but we will probably reach a point where more concrete standards with visible and attainable checkpoints and goals fall into place for the greater tech world.
Given the US cybersecurity framework’s origins (and lack of Congressional input), this new framework doesn’t really have the full effect of a law right now. That’s why the administration is figuring out what sort of incentives it can craft to get the targeted industries on board with the developing standards. One idea being thrown around involves perks related to obtaining cyber liability insurance. This is still very tentative, but we may see a time where cyber liability insurance becomes the norm rather than a nice add-on. We’re already seeing more and more legal documents (client/vendor contracts, etc) here at Founder Shield requiring this coverage, so it’s safe to say that this idea is certainly trending in the private sector.
Founders can put this on the back burner for now, but don’t be surprised if this comes back around in the near future. It will be interesting to see how this framework evolves and expands in the near future. As always, please feel free to reach out to us at any time for more information about how cyber liability insurance can protect your business.