Partner Aaron Tantleff was quoted in a Law360
article, “NIST Cybersecurity Framework Still Going Strong 5 Years On
,” about the fifth anniversary of a government-created cybersecurity framework that provides companies with assessment tools that help them evaluate and strengthen their approach to managing cybersecurity risk.
Tantleff said the widespread adoption of the framework has not only enabled companies to substantially improve their cybersecurity posture by giving them concrete benchmarks by which to better judge the effectiveness of their programs, but also has handed them a new defense against third-party complaints such as class actions and regulatory probes. “By adopting the cybersecurity framework, companies are able to refute a claim that their cybersecurity practices were deficient, lacking, or otherwise not appropriate,” he said. “While we all recognize that the adoption of the cybersecurity framework – or another standard – cannot and won’t prevent a security incident, the adoption and compliance with the standard will help elevate the security posture of the environment and lessen the likelihood and severity of a cyber-incident, and will also help an organization become more resilient.”