California AG: Those not implementing critical security controls would not be considered to have “reasonable security” Security expert: Large, well-funded companies would not find them insurmountable challenge to implement. Small and midsize businesses will have to comply with security standards, expert says. Expert: Each company is different and, as such, will have different risks; each one has five to 10 sub-points. To be safe and survive, you must follow the controls and be able to offer cyber-insurance coverage, he says.”]

