The market and the government need to move beyond just punishing corporations after major cybersecurity failures to steer them instead toward proactive and comprehensive cyber risk management.
Wyatt Hoffman is a senior research analyst with the Nuclear Policy Program and the Cyber Policy Initiative at the Carnegie Endowment for International Peace.
Subscribe to this Lawfare contributor via RSS.
Litigation raises serious questions about the viability of insurance as a tool to confront escalating cyber risks.
The recent WannaCry and NotPetya global cyber incidents have fueled the debate already raging over the role of and limits on corporate self-defense in cyberspace. The emerging international practice of “active cyber defense” (ACD) moves this debate beyond the merely theoretical realm. Private sector active defense potentially shifts the balance in favor of defenders and would improve companies’ ability to complicate and disrupt attacks and mitigate damages.