For 12 years, Harriet Pearson was chief privacy officer, VP and security counsel of International Business Machines Corp. (NYSE: IBM), the No. 2 global computer company.
Now a few months into a new role as partner at the Hogan Lovells law firm in Washington, D.C., Pearson is “taking my show on the road” and trying to build a security law practice, taking advantage of her experience at IBM.
With an engineering degree from Princeton and her law degree from University of California, Los Angeles, Pearson has a good understanding of technology and privacy. But she warned enterprises aren't prepared yet for the full threat of cyberattacks and cyberhacking.
Publicized attacks the past two months on the world's top oil company, Saudi Aramco, as well as some major U.S. banks including JPMorgan Chase (NYSE: JPM) and Bank of America (NYSE: BAC) deserve attention from senior management, she said.
Besides risking exposure of corporate secrets and information, the dangers of attack also threaten “reputational management” of a company, even when supposedly innocent data is stolen. Pearson cited Sony Corp. (NYSE: SNE), whose PlayStation network was hacked, jolting customer confidence.
As well, the current scandal that brought down David Petraeus, former Director of Central Intelligence and threatens the career of Afghanistan commander Gen. John Allen involves e-mails, all of which provide records of conduct and evidence to investigators, she said.
“The more data a network has, the greater the risk,” Pearson explained. “Over the next two years, the threats are likely to be greater even then they are today.”
Pearson expressed hopes for government action to encourage enterprises to adequately protect themselves. She spoke before the Cybersecurity Act of 2012 failed to pass the U.S. Senate Friday.
After that, Sen. Harry Reid, D.-Nev., the Senate Majority Leader, expressed hopes President Barack Obama would sign an executive order that would contain many provisions of the failed law.
Michael Daniel, the White House Cybersecurity Coordinator, said President Barack Obama might quickly issue that order because “the risk is too great for the administration not to act.”
Pearson said she welcomed other government action looking at privacy and security, such as the Federal Trade Commission's fining Google (Nasdaq: GOOG) a record $22.5 million for mishandling customer privacy and winning a consent decree from Facebook (Nasdaq; FB), the No. 1 social network to guard against abuses for 10 years.
“In his second term, I hope President Obama will use greater authority to enforce cybersecurity,” the lawyer said, praising President George W. Bush for bringing some cyberissues to the forefront for the first time.
Still, Pearson said, Corporate America largely isn't prepared. At a recent insurance meeting in Zurich, she was shown a diagram of all kinds of risks and threats and was startled to see “cyberthreats” in the upper right-hand quadrant next to “world crisis.”
Naturally, she praised IBM, of Armonk, N.Y., as a leader advising enterprises about security but said many others in technology had sounded the alarm.
Enterprises that haven't planned yet ought to first assess their “landscapes,” Pearson said, then assess their network security and also have a good relationship with “law enforcement” authorities and, crucially, have a “crisis plan” for handling an attack.
Shares of IBM rose $1.09 to close at $186.94 in Friday trading.