Increase expected in cybersecurity whistleblowers

Whistleblowing in IT does exist, but we rarely hear about it.  Why is that, and why should we expect an increase in such cases?

In the past, when an employee turned in an employer for not meeting compliance or following cybersecurity best practices, the employee was often fired.  Wrongful termination lawsuits were typically settled out of court, and no one was the wiser.

So what’s different now?  In the wake of so many breaches and millions of affected individuals’ information being exposed, cybersecurity issues have become a key enforcement priority for the Securities and Exchange Commission (SEC), meaning that whistleblower tips related to cybersecurity are more likely to be taken very seriously.

In fact, for public companies and other entities regulated by the SEC, mismanagement of their cybersecurity could violate securities laws.  The SEC is taking a closer look at companies’ cybersecurity measures and disclosures, and directing company CEOs to reference the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a guideline for best practices.

There are still grey areas, however.  For now, it is assumed that because the Dodd-Frank Act (an SEC whistleblower program) doesn’t specifically exclude cybersecurity, reporting companies that are lax in this area could be included.  But when a specific compliance regulation does not apply, there is still room for interpretation about “acceptable levels of risk”.  While no organization can completely eliminate risk, it seems more prudent than ever to take any reports of potential vulnerabilities very seriously and address them proactively when possible.  Don’t let failure to act result in an employee blowing the whistle.

Foresite admin