You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches by Josephine Wolff.
Josephine holds a AB, Mathematics from Princeton University and a MS in Technology & Policy and PhD in Engineering Systems both from MIT. Today she is Associate Professor of Cybersecurity Policy Associate Professor, Computer Science, Engineering and Director, Hitachi Center for Technology and International Affairs at Tufts University. She is also a visiting professor of Law at Yale Law School.
Josephine outlines a series in fact of highly publicized cybersecurity incidents between 2005 and 2015. She is able to map the entire attack cycle of each breach. This certainly leads to insights for identifying opportunities for more robust defensive intervention. There are three main motives: financial gain, espionage, and public humiliation of the victim. These are a consistent theme over the ten year timeframe.
During this decade, cyber attacks made the news regularity. The book discusses the legal ramification organizations face after a breach. Here the focus is including litigation, regulatory fines, and compliance issues. Josephine also analyzes financial ramifications including direct costs for remediation and legal fees and the indirect costs like customer trust and brand damage. Josephine documents real-world examples of significant data breaches and the various organizational responses and lessons learned.
As a result organizations are forced to adjust existing policies which is just the tip of the iceberg for how organizations can better prepare for future attacks. The key is improving risk management strategies and policy frameworks. Even though the timeframe is prior to the pandemic, the role of cyber insurance in mitigating financial losses is addressed but is also known to be lacking in the challenges posed by cyber criminals.
Please consider Cybersecurity: The Insights You Need from HBR and Cyber Crisis:
In conclusion, I found this a valuable resource for leaders not versed in cyber attacks. This provides a much needed understanding to the complexities of cyber attacks, their aftermath and the glaring admission of what should have easily been deployed to prevent the attack. As a result, leaders can learn to help their security teams do a better job protecting their organization’s network, data, and devices.