How to lose your company in a data breach:
- Step 1: Suffer a data breach (which almost all companies have or will);
- Step 2: Get sued by plaintiffs’ lawyers waiting to pounce or, worse, by an Attorney General or regulator;
- Step 3: Be found not to have met the applicable “standard of care”;
- Step 4: Pay up, and possibly lose your business.
“Standard of Care?” you say. What’s that, and why should I care? And where does NIST fit in?