Download pdf
Last year we explored the concept of “reasonable security” measures. We have come back to examine an underlying but even more difficult question: What legally required standard of care governs an entity’s cybersecurity practices? We consider whether the answer(s) to this question is contextually driven, or whether it is possible to divine a more generally applicable standard.