When the words “board of directors” and “cybersecurity” are said in the same sentence, directors’ and officers’ alarm bells go off. Not only are these executives responsible for handling the risk management oversight for their companies, they are also responsible for directing the implementation of crisis management when an event takes place. This can be a touchy subject, not to mention an expensive one.

Almost every company’s information processing systems are already infected with ‘cookies’, malware and/or viruses. The Department of Homeland Security and the FBI have stated they are not only concerned with ‘backdoor hacks/breaches’, but also ‘frontdoor’ actions by disaffected employees. With major businesses being thrust into the spotlight more frequently due to the data breaches they’ve experienced in just the past two years (think Target, Home Depot, and P.F. Chang’s to name a few), it’s no wonder that people are concerned.

What you need to know about Board of Directors and Cybersecurity

  • Directors and officers may be the subjects of derivative shareholder lawsuits and held personally liable for data breaches that have occurred at their company.
  • Directors and officers liability insurance packages are beginning to include sections that cover cybersecurity, but do NOT cover malfeasance of duty.
  • The repercussions from a cyber-attack and significant data breach can include:
      – Disruption of business
      – Theft of funds
      – Identity theft
      – Permanent damage or destruction of databases and IT systems
      – Loss of trade secrets
      – Decline in profits and transactions
      – Significant response costs
      – Negative PR
      – Loss of trust
      – Pressure on management to implement extensive changes including firing & replacing personnel
      – Shareholder lawsuits against the company
      – Reorganizing and/or folding of the company
  • There are technical consultants who can help boards of directors appraise their company’s cybersecurity vulnerabilities, educate the company’s staff, come up with processes for anticipating, preventing, detecting and responding to cyber-attacks, and provide a valuable outside perspective.
  • Data must be stored with the proper safeguards in place, taking into account the mitigation of legal, regulatory and compliance risks, otherwise the company could be leaving itself open to cyber-attacks and legal action.
  • New standards and regulations are being put into place to help businesses increase their security, reduce data breach costs and shift data breach risks.

For more information on the new standards and regulations and how companies can limit their liability, you may download this white paper, 'Emerging Cybersecurity Standards' by Tsutomu L. Johnson, founder of the Cyber Defense Law Group at Snow, Christensen and Martineau.
