The spending bill passed by Congress and signed by President Donald Trump on Friday contains language that renews three-year-old restrictions on earmarking federal funds to interfere with state medical marijuana programs, despite Attorney General Jeff Sessions’s continuing negative stance on the spread of marijuana laws.
Marijuana is legal for medical use in 29 states and Washington, D.C. Nine states and Washington have legalized recreational use. The U.S. Food and Drug Administration classifies marijuana as a Schedule 1 drug, on par with cocaine and heroin.
The new budget will continue to prevent the Department of Justice from spending resources to target medical marijuana patients and providers who are in compliance with state law, protections that were put in place in 2014 and were set to expire on Sept. 30, according to the Washington, D.C.-based advocacy group Marijuana Policy Project.
The nonprofit noted Friday that Attorney General Sessions in January rescinded a Department of Justice policy instituted in 2013 that directed federal prosecutors not to enforce federal marijuana laws against individuals and businesses that are in compliance with state medical or adult-use marijuana laws. This move created uncertainty in states where marijuana is legal for adults, but passage of the spending bill ensures that medical marijuana programs will still be protected for the remainder of the fiscal year, officials with the project said in a press release issued Friday.
“Patients across the country will be relieved to hear that Congress has maintained the current policy of allowing states to make their own decisions on medical marijuana policy,” said Matthew Schweich, executive director for the project in a press statement. “A strong majority of American voters oppose federal interference in state-level marijuana laws.”
Few companies have faith in their cyber risk management, despite the skyrocketing stakes of an attack.
Two-thirds of 1,300 senior executives surveyed in a newly released global survey by Marsh and Microsoft ranked cybersecurity among their top five risk management priorities, yet only 19% felt highly confident in their ability to prevent and respond to an attack.
Of companies with over US$1bn in revenue, nearly half predicted a doomsday cyber event could rack up a bill of over US$50m. But only 30% have a response plan in place for such a scenario. That’s shocking news considering cyber attacks are no longer a matter of if, but when. “Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” said John Drzik, president Global Risk and Digital, Marsh. “It’s time for organizations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”
Quantifying the economic risk of an attack is seen as an important part of cyber risk management, yet fewer than half of respondents said their company has estimated the potential financial impact of a cyber incident. Without quantifiable information, organisations have difficulty making risk-appropriate decisions on strategic planning and investment decisions, particularly as they relate to purchasing insurance coverage, says the report.
Despite the enterprise-wide impact of incidents, cyber risk management remains stunted by its relegation to the IT department. As new types of attacks emerge, and major financial losses are incurred, organisations are being challenged to move cyber risk management out of the IT silo and into the realms of stakeholders across the entire enterprise. However, an overwhelming 70% of respondents still cited IT as the primary decision-maker for cyber risk within their organisation.
“While technology is the foundation of any good cybersecurity strategy, companies can benefit from investing in non-technology solutions like risk management as part of a holistic approach,” said Matt Penarczyk, vice president and deputy general counsel, Microsoft. “Through advanced technology, tools and training, for example, companies can better protect the data in their networks and be ready for the business interruptions and reputational risks associated with cyberattacks.”