The National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce, released its “cybersecurity framework” in February 2014 to help regulators and businesses identify and mitigate cyber risks that could affect national and economic security. The need was urgent. According to the Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis, the total average cost per data breach for US businesses was in excess of $5.85 million. Unsure of Congress’ ability to respond quickly with effective legislation to address the myriad issues surrounding cybersecurity, companies are developing their own cyber risk management protocols.
In an effort to gauge industry concerns and measure corporate responses to these significant privacy and security threats, Mayer Brown conducted an informal survey of key executives and corporate counsel in 15 industry sectors between mid-November 2014 and mid-February 2015. The majority of the companies were from finance and financial institutions, professional services (law, medicine, accounting, architecture and design), utilities and energy (including extraction), health care and pharmaceuticals. We are pleased to share the results of that survey with you.