Companies that dont make efforts to secure their networks could face civil and criminal penalties under an array of existing laws and court decisions, according to security and legal experts. A new accounting-reform law now being phased in is likely to have the biggest impact. The 2002 Sarbanes-Oxley Act holds executives liable for computer security by requiring them to pledge that companies “internal controls” are adequate, and auditors are starting to include cybersecurity in that category, said Shannon Kellogg, director of government affairs at RSA Security Inc.
Read the full story at Reuters