Abstract:
The multifaceted cyber threat is increasingly impacting the bottom lines of firms and is spilling over into larger issues of geopolitical importance, including international security. Firms, in particular managers and boards of directors, are at the epicenter of this storm, but so far surveys have revealed that few businesses are taking the necessary steps to safeguard their private data and enhance cybersecurity. As Howard A. Schmidt, the former U.S. Cybersecurity Coordinator, stated: “While there is a cost to doing more to improve cybersecurity, there is a bigger cost if we do not and that cost is measured not only in dollars, but in national security and public safety.” This Article argues that organizations should treat cybersecurity as a matter of corporate social responsibility to safeguard their customers and the public, such as by securing critical national infrastructure. It is in corporations' own long-term self-interest (as well as that of national security) to take such a wider view of private-sector risk management practices, encompassing less traditional factors, akin to what companies have done with respect to sustainable development.