ABA Adopts Cybersecurity Resolution; Says Cyber-Attacks a Top Organizational Risk

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

Aug. 13 - The American Bar Association announced Aug. 12 that its House of Delegates passed a resolution that "encourages all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program."

The ABA Cybersecurity Legal Task Force's Report to the House of Delegates found that "[t]he first- and third-party losses associated with security incidents are rising, and cybersecurity is now one of the top risks organizations must manage." The task force's report stressed that all organizations "develop, implement, and maintain an organization-wide security program in accordance with accepted security frameworks and standards." The task force found that many organizations are only undertaking some of the required security activities, creating gaps and deficiencies in their cybersecurity programs. These gaps and deficiencies leave these organizations vulnerable to attacks by sophisticated cyber-criminals.

There have been a number of high-profile cybersecurity breaches in the last year, beginning during the 2013 holiday season when Target Corp. experienced one of the largest data breaches reported by a retailer. The retailer and investigators estimated that as many as 70 million people had their personal information accessed.

More recently, a gang of hackers in Russia amassed 1.2 billion sets of looted user names and passwords from 420,000 websites. According to a U.S. data security company, the theft created the largest known cache of stolen personal information .

The ABA's adopted resolution encourages all organizations to create cybersecurity programs that are tailored to the nature and scope of the organization and the information to be protected. The task force's proposed resolution also encouraged organizations to regularly conduct risk assessments and create controls based upon these assessments, create response plans for possible cyber-attacks and stablish relationships and share information with external organizations, where appropriate, as a method of addressing the problem of cyber-attacks.

The ABA's final resolution is available at http://www.americanbar.org/content/dam/aba/images/abanews/2014am_hodres/109.pdf .

The ABA's proposed resolution and report is available at http://www.americanbar.org/content/dam/aba/administrative/house_of_delegates/resolutions/2014_hod_annual_meeting_109.authcheckdam.pdf .

Request Corporate on Bloomberg Law