« The value of pausing to reflect | Main | Don't talk to strangers »

Cybersecurity and your board of directors

Matt McKinney is an attorney at BrownWinick Attorneys at Law  PGP_1038

A recent court opinion underscores the importance for a company's board of directors to assess cybersecurity. As we've explored in several prior posts, directors are charged with exercising fiduciary duties, including the duties of care, loyalty, and oversight.

It is this latter duty - the duty of oversight - that resulted in a plaintiff filing a lawsuit against against his corporation and the corporation's board of directors for failing to exercise proper oversight that purportedly harmed the company.

The opinion provides valuable insight into steps that directors may undertake to minimize potential liability (both to the company and personally) for such claims.  For instance, the court noted the asserted claims were potentially weak because the company implemented cybersecurity measures before the first data breach.  

Further, the board addressed security matters "numerous" times before the breach.  Moreover, the corporation took time to enact security policies, reviewed those policies, and even hired outside technology firms to issue recommendations on enhancing security.  Had the company not taken such proactive steps, including before the breach occurred, the outcome certainly could have been different.  

While there is no one-size-fits-all approach to data and cybersecurity, given the increasing threat such issues pose to companies, a board should at the very least consider data and cybersecurity in fulfilling it's fiduciary duties.  Such consideration may result in no action being taken, or it may result in consulting with privacy counsel, technical experts, or insurance professionals to insure against cyber-related liabilities (including costs related to forensic analysis, breach notification, business downtime, credit monitoring services, and third-party claims).

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d83452ceb069e201b7c7736ffa970b

Listed below are links to weblogs that reference Cybersecurity and your board of directors:

Comments

Thanks. Is there a case citation you could share?

The comments to this entry are closed.

« The value of pausing to reflect | Main | Don't talk to strangers »

Technorati Bookmark: Cybersecurity and your board of directors

This site is intended for informational and conversational purposes, not to provide specific legal, investment, or tax advice.  Articles and opinions posted here are those of the author(s). Links to and from other sites are for informational purposes and are not an endorsement by this site’s sponsor.