There is little doubt that cybersecurity is one of the most pressing issues in the contemporary corporate, political and economic arena. When, as we have seen, cybersecurity has become a critical issue in the U.S. political and electoral processes, it is clear that the consequences and complications associated with cybersecurity have become acute. Cybersecurity has become a pervasive issue with political, military, and economic implications. It is also one of the foremost issues – if not the foremost issue – in the corporate risk management environment. In a complex and rapidly changing world, many companies and their senior officials are struggling to deal with cybersecurity issues and their implications.
Anyone in the corporate, legal, or regulatory arena trying to get their arms around these issues will want to avail themselves of a recently available resource, a new book written by Paul A. Ferrillo of the Weil Gotshal law firm and Christophe Veltsos of Minnesota State University, Mankato, entitled “Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives” (here). This book is a readable, well-organized and helpful guide for any corporate official seeking to address their cybersecurity responsibilities.
This latest volume is a new edition of Ferrillo’s earlier book, “Navigating the Cybersecurity Storm: A Guide for Directors and Officers” (about which refer here). Many of the key sections from the earlier publication have been brought forward but entirely re-written, including, for instance, the chapter on cloud security, which has been updated to reflect the current technology environment.
But this latest volume is more than just an updated version of the earlier publication. The latest edition is not only entirely re-written from the earlier version, but it also includes a number of entirely new sections, many of which are critical in the current cybersecurity environment. Among the new sections is a new chapter on cybersecurity automation, machine learning, deep learning and artificial intelligence. Technological advances in these areas are evolving rapidly and they present their own sets of cybersecurity concerns, as the authors discuss in this new edition.
Among the more important features of this book is the way that it addresses the legal and regulatory aspects of cybersecurity issues. In clear, understandable text, the book examines regulatory and legal concerns that companies and their executives face, and, more importantly, the technological issues that underlie the regulatory and legal concerns. One particularly helpful feature of the book is that throughout, the book seeks to reduce the various topics to understandable, practical checklists that can be used to assess and address each of the issues presented.
One of the key areas addressed in the book is the potential liabilities of corporate directors and officers arising from cybersecurity issues. Readers of this site will be particularly interested in the book’s section addressing the fiduciary duties of corporate directors and officers. The book not only discusses the current state of play in the cyber-liability arena for corporate directors and officers, but it also includes a helpful cyber governance scorecard for directors to consider and use. The book also includes a separate chapter addressing cyber risk reporting and disclosure issues, as well as a chapter devoted to the questions that corporate boards should be asking on cybersecurity issues.
The book also contains a helpful chapter on cybersecurity insurance. The cyber insurance chapter has a particularly clear and helpful discussion of the key issues to be addressed in the process of designing and purchasing an effective cyber insurance program. The discussion of cyber insurance in this edition has been updated to reflect issues that were not addressed in the prior edition but that have moved to the fore in the interim, such as third-party personal injury claims and property damage issues. These emerging issues underscore the fact that cybersecurity issues present a range of possible perils that could range beyond just the kinds of privacy and network security insurance products as they are currently available in the insurance marketplace. In light of these concerns, the authors present some indispensable “practical advice” to “maximize risk transfer effectiveness.”
I recommend this book for anyone involved with cybersecurity concerns. It is a readable, practical, and useful book, and it is available on the Internet, for free. The updated version of this book is a great resource for corporate boards and corporate executives, as well as for those who must advise them.