Federal and state cybersecurity agencies teamed up last week for a two-day summit focused on the evolving nature of cybersecurity threats to New Jersey businesses.  The event was sponsored by the U.S. Department of Homeland Security’s (“DHS”) Critical Infrastructure Cybersecurity Voluntary Program and The New Jersey Office of Homeland Security and Preparedness.

I had the pleasure of participating on a panel, “Cybersecurity in the C-Suite,” moderated by Dave Weinstein, Deputy Director of the New Jersey Office of Homeland Security and Preparedness.  My co-panelists were Brian Rudowski, Manager, IT Security, Cybersecurity Engineering & Threat Assessment, PSEG Services Corp., Wayne Staub, Vice President, Member Services, New Jersey Business & Industry Association and Stephen Campbell, EosEdge Legal.

Our panel discussed:

  • The evolving legal, business and regulatory expectations of shareholders, customers, business owners and corporate leaders in managing the risks associated with cybersecurity;
  • Key advantages of corporate leadership’s involvement in the cybersecurity dialogue including statistical data that suggests C-suite engagement reduces the overall costs related to a data breach incident;
  • The transformation of cybersecurity from an IT issue to one of corporate governance that requires coordination across an organization;
  • The role of a Chief Information Security Officer within an organization and the need for that individual to provide valuable guidance to senior leadership related to cybersecurity risks;
  • Cybersecurity incident response planning including, depending on an organization’s structure and capabilities, the retention of specialized outside advisers such as independent legal counsel, a forensics expert and crisis communications firm; and,
  • The importance of maintaining the attorney-client privilege and work product doctrine protections when navigating the challenges of data breach preparation or response.

DHS provides a variety of resources to assist businesses in addressing their cybersecurity risks including a Cyber Resilience Review.