Blowing the whistle on internal cybersecurity vulnerabilities is a courageous act, but one that requires caution and professional legal advice to navigate the patchwork of federal and state laws whose anti-retaliation statutes may apply to cybersecurity cases.
A common misconception is that raising a concern about a cyber vulnerability is, by itself, enough to be protected against retaliation.
“It is critical [for] a cybersecurity whistleblower to articulate clearly [that] the issue he or she is reporting is not simply a cybersecurity vulnerability, but also involves actual or potential specific legal wrongdoing,” Ms. Ronickher emphasized.
However, if the cybersecurity vulnerability does violate the law – or even if the employee only believes it is unlawful – he or she should be protected.
Ms. Ronickher is further quoted on common “do’s and don’ts” of cybersecurity whistleblowing, and notes that in certain situations, cybersecurity whistleblowers may be entitled to a reward through programs administered by the Securities and Exchange Commission, the Commodity Futures Trading Commission, or the Department of Justice.