The Consequences of Willful Negligence: Protecting Your Business from Cyber Risks
In a recent interview discussing the Titan sub catastrophe, renowned director James Cameron drew a striking parallel to the 1912 Titanic disaster. Cameron, who has made numerous dives to the Titanic wreckage site, highlighted the similarities: both tragedies involved captains who were repeatedly warned about potential dangers but chose to proceed at full speed, resulting in the loss of innocent lives.
This willful negligence is not confined to maritime disasters. It permeates IT security and compliance for small businesses, often with catastrophic consequences. Companies may face sudden and devastating implosions, like the Titan, when they fall victim to ransomware attacks, leading to operational shutdowns, financial losses, and reputational damage. In other cases, the risks are present but remain unaddressed, with businesses awaiting the inevitable. Willful negligence in IT security and regulatory compliance manifests in three distinct forms.
The first form is willful ignorance. Some business owners, particularly those new to the industry, lack the experience and understanding to appreciate the risks they expose themselves and their clients to by neglecting cybersecurity. Often, they rely on IT firms that are proficient in technology but lack the expertise to implement robust security measures. While initial mistakes are forgivable, a cyber attack usually serves as a wake-up call, forcing them to learn the importance of proper security the hard way.
The second type of willful negligence is characterized by deliberate ignorance. Individuals falling into this category cannot claim ignorance as a defense. They are fully aware of the need to protect their business and client data from cyber attacks. They have heard the cautionary tales, are familiar with relevant laws, and may have received warnings from their IT professionals. Nevertheless, they foolishly believe they are immune to such threats, often placing unwarranted trust in cloud applications that promise compliance (which may not be suitable for their specific needs). They fail to verify that their IT providers are fulfilling their responsibilities and often forgo cyber liability insurance due to cost or indifference.
The third and most morally reprehensible form of willful negligence is determined negligence. These individuals stubbornly persist in operating without adequate security protocols, disaster recovery plans, insurance coverage, or thorough assessments of their environment. They consciously choose to disregard overwhelming evidence, facts, and history that contradict their reckless course of action.
Following the sub tragedy, experts came forward to highlight the numerous risky behaviors exhibited by CEO Stockton Rush. The sub’s hull had not undergone proper pressure testing or thermal expansion and contraction testing. The hatch could only be opened from the outside, leaving occupants vulnerable in emergencies. The lack of an atmospheric system to monitor interior gases and the absence of emergency air breathing systems posed additional risks. The viewing window was certified for a much lower depth than the Titanic wreck. Perhaps most egregious was the CEO’s egotistical assumption that he knew better than anyone else.
Everyone makes mistakes and places trust in the wrong individuals at some point. Blind spots and misinformation are inevitable. The crucial question is whether one chooses to remain willfully ignorant or foolish to the point of causing harm to oneself and others.
For CEOs responsible for safeguarding financial data, credit cards, medical records, tax returns, Social Security numbers, or any personal information of clients or employees, willful negligence in cyber protection becomes a direct threat to others.
If you persist in this manner, it’s only a matter of time before your ship sinks and your personal Titanic-sized wreck occurs. To protect yourself, your business, and those whose data you hold, it’s imperative to prioritize cybersecurity and compliance. Don’t succumb to willful negligence.