The Federal Trade Commission (FTC) has been very proactive in going after businesses that do not protect their clients from cyber breaches. This is not only happening with major companies; Foresite was called in to help a small business that was audited and fined more than $100k by the FTC for not adequately securing a portal on their website that collected marketing information on visitors.
The FTC also famously went after Wyndham Worldwide after data security failures led to three breaches in two years, resulting in millions in fraudulent credit card charges and the leaking of consumer account information.
ASUS, a technology company, released routers meant for the home market that the company claimed could be used as private servers by plugging in a flash drive. Third-party cybersecurity researchers tested the claim and reported that there was no technology in the routers to secure data. This was reported back to ASUS, which promised multiple times to take action but never did. As a result, hackers were able to exploit the vulnerability, and customer data was exposed and put online. ASUS finally settled with the FTC for over $200M and is subject to independent audits for the next two decades to make sure the company continues to maintain a comprehensive cybersecurity program (we also saw this with the SMB client we worked with).
These are just a few examples of the increasing role of outside agencies in taking action to protect client data by enforcing cybersecurity best practices and regulations. How would you (or your customers) fare under this kind of scrutiny?