Tag Archives: Board of Directors

Shareholders Can Sue Corporate Officers for Breach of Duty of Oversight in landmark Ruling — CISOs and CPOs, You Listening?

In a landmark ruling, the Delaware Court of Chancery has recognized that corporate officers owe the company a legal duty of oversight, which has traditionally been an obligation solely of directors, and can be sued by shareholders for breach of that duty. In the cybersecurity and privacy context, what does this mean for Chief Information …

Continue reading “Shareholders Can Sue Corporate Officers for Breach of Duty of Oversight in landmark Ruling — CISOs and CPOs, You Listening?”

Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom

In my latest article in Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018) Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free: Cybersecurity: A Fiduciary Duty …

Continue reading “Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom”

The Most Positive Cybersecurity Trend I Have Seen in Nearly 20 Years!

In the last quarter of 2017, I have observed a cybersecurity trend that has given me more hope than any that I have seen previously. Let me explain. As an attorney, I have been practicing what can generally be described as cyber law or cybersecurity law since 1999, which means that my practice has evolved a lot …

Continue reading “The Most Positive Cybersecurity Trend I Have Seen in Nearly 20 Years!”

Does Board Oversight of Cybersecurity Mean Directors Must Become Cybersecurity Experts?

Does the board of directors’ duty of oversight over their companies’ cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I’ve seen many people have difficulty understanding. The answer is “no,” as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders …

Continue reading “Does Board Oversight of Cybersecurity Mean Directors Must Become Cybersecurity Experts?”

Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom

New York’s Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your …

Continue reading “Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom”

Improving Your Cybersecurity Plan, Explained by Paul Ferrillo in WSJ

The Wall Street Journal did an interview of my friend, collaborator, prolific author, and the the original Cyber Patriot, Paul Ferrillo to discuss how companies can make their cybersecurity plan better. Here is the full article: Making Your Cybersecurity Plan Better Paul and I are both firm believers in focusing on the basics so that …

Continue reading “Improving Your Cybersecurity Plan, Explained by Paul Ferrillo in WSJ”

Yes, Officers & Directors Can Be Held Personally Liable for Their Company’s Data Breach – Here’s Why

“Can I be held personally liable for my company’s data breach?”

That is one of the questions I am asked most frequently. The answer is “YES!” though the usual reasons provided are not nearly as straightforward as the one discussed in the video below.

Cybersecurity Legal Issues: What you really need to know (slides)

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides …

Continue reading “Cybersecurity Legal Issues: What you really need to know (slides)”

3 Key Points the Board Needs to Know About Cybersecurity

Officer and director liability for cybersecurity incidents is a hot topic. It will only get hotter because, when it comes to risks impacting the company, the buck stops at the Board of Directors. As it should. Cybersecurity and corporate governance law are converging to develop a duty for the Board to be involved in cybersecurity issues …

Continue reading “3 Key Points the Board Needs to Know About Cybersecurity”