Cybersecurity Whistleblowers Are Different. Here’s How to Deal With Them.

-- Kenji Price, Mark Schreiber and Scott Ferber

New Incentives From Regulators Might Drive an Increase in Cyber Whistleblowing. Companies Need Specialized Report-Handling Protocols Now to Prevent Misconduct From Making Headlines.

Compliance teams could see an uptick in cybersecurity whistleblower complaints as regulators expand protections and incentives for those reporting data breaches, vulnerabilities or other cyber-related misconduct. But cybersecurity incident reports require special handling. Here’s how to prepare for the unique nature of cybersecurity whistleblowing.

Whether increased plans to protect or incentivize whistleblowers in the U.S. or U.K. result in a surge of incident reporting remains to be seen, but compliance and legal teams should take steps now to strengthen response and investigation protocols for cybersecurity complaints.

Several agencies in recent months have taken steps to encourage whistleblowing. The Department of Justice (DOJ) in October of last year announced the launch of its Civil Cyber-Fraud Initiative to “combat new and emerging threats to the security of sensitive information and critical systems” through the use of civil enforcement actions. It emphasized the protections extended to whistleblowers who provide information to government authorities, as well as the opportunity to share in any recovery. 

Continue to read the article click here >