Cybersecurity Standards of Care 101: Prioritizing Risk Management

Cybersecurity risks threaten all organizations and corresponding stakeholders; they are increasingly frequent and sophisticated, posing a threat not only to our economy but also to our national security. In response, the White House released its comprehensive cyber strategy in 2018. The Framework for Improving Critical Infrastructure Cybersecurity also was most recently updated in 2018 by the National Institute of Standards and Technology (NIST)1.

The Department of Homeland Security (DHS), the lead civilian hub for cybersecurity and infrastructure protection risk management, recently elevated the National Protection and Programs Directorate
into a full-fledged component agency, the Cybersecurity and Infrastructure Security Agency. These developments, strategies, and capacity building frameworks collectively outline how the U.S. government intends to prepare, protect, and defend the nation from cyber adversaries.

In this context, organizations, large and small, public and private, should be aware of the threat environment and have a resilient plan in place to prevent the spread of problems and minimize business disruption. Standards of care and response best practices apply universally. For these reasons, an organization’s top leaders should consider implementing basic risk management practices in preparation for a cybersecurity event.