MIDWEST CYBER
SECURITY ALLIANCE
The Midwest Cyber Security Alliance (MCSA) is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professional firms advocating for more effective cybersecurity solutions. MCSA's mission is data privacy and security through education, specifically cyber preparedness and security awareness. The organization is a meeting place for all cybersecurity stakeholders, in every industry, to collaborate on current cyber threats as well as cyber defenses and strategies, and we help information security and privacy professionals design and implement strong and effective cyber security programs.
WHY IS CYBER SECURITY CRITICAL TO AN ORGANIZATION?
According to the 2022 IBM Security / Ponemon Institute Cost of a Data Breach Report:
-
The average cost of a data breach in the US is $9.44M
-
83% of organizations studied (sample size 3600) experienced more than one data breach
-
19% of breaches occurred due to a compromise at a business partner
-
60% of organizations’ breaches led to increases in prices passed on to customers
-
The average time to identify and contain a data breach is 277 days
To reduce the risk of cyber incidents, successful Information Security Programs involve a multidisciplinary team that includes Executive Leadership (CEO, CFO, COO, etc.), Risk Management, General Counsels, Security Officers, Privacy Officers, Compliance Officers, Human Resources, CIOs, and relationships with external agencies. Organizations should implement strong, risk-based security and privacy controls that evolve to reflect the changing threat landscape.
FOLEY'S STATE DATA BREACH NOTIFICATION LAWS CHART
A one-size-fits-all approach to breach notification will not suffice, as most state are responding with increasingly frequent and divergent changes to their statutes, creating challenges for compliance. Organizations must make it a priority to monitor these changes to prepare for and respond to data breaches. Download Foley’s State Data Breach Notification Laws Chart for a summary of basic state notification requirements that apply to entities who “own” data.
