The small Google affiliate promises affordable pricing based on the number of employees that a company has rather than the amount of data used. Depending on what those figures end up being – it could have a big impact on the state of cybersecurity regulation.
The FTC is the de facto enforcer of cybersecurity standards among businesses, and they have moving goalposts regarding the adequacy of a company’s cybersecurity practices:
“From the outset, the FTC has recognized that there is no such thing as perfect security, and that security is a continuing process of detecting risks and adjusting one’s security program and defenses. For that reason, the touchstone of the FTC’s approach to data security has been reasonableness—that is, a company’s data security measures must be reasonable in light of the volume and sensitivity of information the company holds, the size and complexity of the company’s operations, the cost of the tools that are available to address vulnerabilities, and other factors. Moreover, the FTC’s cases focus on whether the company has undertaken a reasonable process to secure data.”
Taken with the possibility of affordable cybersecurity solutions based on company size, smaller ventures no longer have the reasonableness standard to hide behind when they engage in poor cybersecurity hygiene. Even though the standard remains the same, this means “more” regulation.
Even if the potential lower costs means adding an extra expense, it’s really a big win for consumers and businesses alike. Consumers can feel more confident in sharing their data with businesses (which is often part of a company’s business model), and companies can rest easier knowing that they no longer have to be the ones who let customer data leak for lack of trying.