Issue link: https://nebusinessmedia.uberflip.com/i/1518792
30 HARTFORDBUSINESS.COM | APRIL 15, 2024 Opinion & Commentary EXPERT'S CORNER Here are preemptive measures to limit a cyberattack's damage to your business OTHER VOICES Natural gas, oil still important to CT's future energy mix Chris DiPentima Mike Giaimo William Roberts By Chris DiPentima and William Roberts I t's been nine months since Connecticut's sweeping new data privacy law to protect consumers took effect, after lawmakers made the decision that due to inaction in Congress, the state should pass its own law to protect consumer data. By all indications, Connecticut businesses impacted by the new law seem to be taking it seriously in terms of compliance, with some even going above and beyond what is required. This is good news. Having this sweeping law on the books is progress indeed, but the unfortunate reality in 2024 is, no state law can ever fully protect a business or consumers from those looking to cause chaos and harm, as the risk of a cyberat- tack remains as heightened as ever. So, it is still up to the individual business to remain breach-ready at all times, because no one is ever breach- proof. Businesses should not think with a mindset of if a cyberattack can happen, but when one will. Because when such an attack occurs, it is no laughing matter. According to IBM, the average cost of a data breach is $4.45 million, and there is also a $1.3 million average cost of lost sales and revenue associated with an incident. Additionally, there is the impact to the company's reputation — a recent survey of 1,000 U.S. consumers found 60% of respondents are less likely to work with a brand that has suffered a data breach, and 21% will immediately seek a new provider following an incident. This is why establishing core proce- dures that will potentially mitigate the harm derived from a data breach is critical to protect sensitive data and any resulting reputational damage to a business. Reducing risks For starters, companies should very much strive to be in a state of "breach-readiness." This means three things: reducing the likelihood of a breach, reducing the scope of a breach and being prepared to respond when a breach eventually occurs. Once this is made clear, there are a number of steps that must be taken. The first is the company should develop an understanding of what its cyber risk profile is. This means asking a series of questions. What personal data does it collect and retain? With whom is that data shared? Where is the data located? This step is also referred to as data mapping or data inventory, and it is crucial — a business cannot protect data unless it knows what it is and where it is located. Having this knowledge, a business can then evaluate its cybersecurity on a number of levels, including technical security (such as encryption, multi- factor verification, threat detection software and more), administrative controls (properly training staff) and the actual physical controls they have in place (such as security cameras, visitor policies and document storage). Next, a business should be looking to limit the scope of an eventual attack, which is why a data-minimiza- tion project is often very helpful. This involves reducing the volume of collected data, and reducing the data fields that are kept on file. After all, data cannot be breached if it cannot be found in your system. Lastly, as with every strategic undertaking, there needs to be a plan in place to train employees on what to do in case of a breach, as well as to test existing plans to determine their overall efficacy. Companies should encourage their employees to develop and constantly review a comprehensive cybersecurity plan, including tabletop breach simu- lations and written response plans that are shared throughout the business. As each employer is different, it is equally important that these plans are tailored and optimized to fit the unique needs of each individual business. Connecticut's new law was a mean- ingful step to provide some protection to consumers, but as in many cases, a law alone will not stop those who are determined to hack into, steal from and disrupt a business. This is why preemptive protections are so important, as is informing the employee base just how critical these protections are. Perhaps a company can't stop an attack from happening, but it can take steps to potentially limit the harm it causes. Chris DiPentima is the president and CEO of the Connecticut Business & Industry Association. William Roberts is a partner with Day Pitney LLP and co-chair of the firm's data privacy, protection and litigation practice. By Mike Giaimo L ike much of New England, Connecticut finds itself in a difficult situation when it comes to energy — one that is complicated by aggressive environmental policies, permitting challenges, and limited and aging infrastructure. These issues, unfortunately, come at a cost to the region, resulting in volatile energy markets across Connecticut and beyond. With minimal local fuel sources and being at the proverbial end of the pipeline, the region relies heavily on ship, truck and barge deliveries, and inadequate pipeline infrastructure. From this vantage point, it is easy to overlook that the United States is the global leader in oil and natural gas production — a hard-earned distinction that should benefit the entire country. Unfortunately, few people appre- ciate our current strong energy position. For example, did you know that the federal government's forecast has the United States producing 13.2 million barrels of crude oil per day, and more than 13.4 million barrels per day in 2025, both of which would be new records? With respect to natural gas, the U.S. Energy Information Administration also expects the country to experience record-high production over the next two years. But our domestic energy advantage is being undermined by short-sighted policies and a lack of support. As we enter a pivotal election year, it is important to focus on a compre- hensive "all-of-the-above" energy approach — that includes natural gas and oil — and ensures energy access in our region, bolsters infrastructure and strengthens national security. Revisiting energy policies The headwinds faced by all energy producers include geopo- litical volatility, supply chain chal- lenges, inflationary pressures and a misguided perception that we can snap our fingers and instantly replace growing energy demand with renewable sources. Currently, the state legislature is considering policies that could curtail the use of natural gas and move to all electrification in the building sector. At this inflection point, the state should not be looking at policies that limit the use of natural gas, but should be exploring ways to untap its potential. The massive delays in getting energy projects built are obvious and all around us. Just about every large-scale proposal in the region over the past decade — be it a transmission line, gas-fired power plant, or on- or offshore wind or solar farm — has been met with significant push back, delays and protracted and costly litigation. The fact that we have seen such an anemic amount of energy infra- structure built over the last decade reinforces a hard truth: that it is time to revisit our energy policies. Throughout Connecticut, activists are pushing not only to stop pipeline expansions or replacements, but to turn off power plants without a ready replacement, or to prevent new and efficient plants from coming online. This ignores the fact that natural gas and oil supply nearly 70% of America's energy, and natural gas frequently represents between 50% and 60% of the power on the regional system. Furthermore, both fuels are projected to be part of our energy mix for decades to come. We should not hasten the retirement of natural gas-fired power plants when abundant amounts of domestic natural gas are but a couple hundred miles away. This all argues for a more funda- mental approach to energy production, one that embraces both renewable sources and recognizes the continued importance of oil and natural gas. A long-term energy strategy is needed to unleash U.S. energy access, bolstering infrastructure and strengthening security. Despite positive steps, there is still a need for further action to overhaul inef- ficient permitting processes. Delays in obtaining permits for energy infrastruc- ture hinder progress and investment. As Connecticut and the rest of the country navigate an uncertain future marked by escalating geopolitical risk, a comprehensive and bipartisan approach is crucial for securing Ameri- ca's energy future. Developing natural gas, oil and alternative sources — as well as the infrastructure needed to safely deploy them all — will keep Connecticut and the rest of the region well supplied with reliable energy for decades to come. Mike Giaimo is the regional director for the Northeast at the American Petroleum Institute (API).