Navigating Complexities of Risk Management and Compliance
Thompson Coburn Partner & Cyber Chair James Shreve on Changing Regulatory Landscape
With new legal and contractual requirements, the regulatory landscape in the cyber and privacy space is constantly changing - on both local and national fronts. As a result, compliance can become increasingly difficult, leaving organizations with a certain amount of risk.
James Shreve, partner and cyber chair at Thompson Coburn, emphasized the need to identify all cybersecurity requirements, map out potential conflicts and weigh the ramifications of noncompliance.
"It can be legal, it can be regulatory, but it can also increasingly be contractual. Contractual obligations can be more stringent than what applies to you by law," Shreve said. "A lot of times that comes from the bargaining power. You may be dealing with a large vendor that is imposing requirements on you that don't necessarily legally apply."
In this video interview with Information Security Media Group at RSA Conference 2023, Shreve also discusses:
- Why boards must be involved in strategic decisions;
- Current ransomware trends and the security preparedness of organizations;
- SEC guidance on cybersecurity disclosures for publicly traded companies.
Shreve works closely with executive leadership, legal, IT and compliance teams to develop a comprehensive and practical plan for risk identification and mitigation. He has extensive knowledge of data security breaches, data safeguarding compliance and contractual negotiations regarding data security and information-sharing limitations.