The law is trending toward more risk of liability for Officers and Directors. Learn more about this from my recent article in Ethical Boardroom — full text available without paywall here: Cybersecurity Risk: Law and Trends.
I am really looking forward to speaking to the 400+ attendees at the Association of Certified Fraud Examiners’ (ACFE) 25th Annual DFW Fraud Conference event on Friday, May 15, 2015.
My address is titled Addressing the Most Current Cybersecurity Threats: Don’t Be the Next Victim.
You can learn more about this event at this LINK and here are some of the event materials:
LawyersWeekly has found that cybersecurity is now one of the top 3 concerns of corporate general counsel. It should probably be the first, given the trend toward finding liability for officers and directors for cybersecurity incidents.
Here are my key takeaways from the LawyersWeekly article:
- General counsel’s responsibilities more frequently include cybersecurity and data protection risk
- Cybersecurity is a top 3 concern among GCs, ranking alongside compliance and value for money
- There has been a significant increase in cybersecurity compliance-related work and assistance with privacy complaints
- Larger companies are recognizing the seriousness of cybersecurity risk and putting in place processes and systems to manage it
Full article: GCs raise cybersecurity concerns.
Will Officers and Directors be held legally responsible for their companies’ data breaches and cybersecurity incidents?
That is the question I addressed in Cybersecurity Risk: Law and Trends – A Director’s Duties Must Evolve With The Company’s, which was recently published in the Spring 2015 issue of Ethical Boardroom (see article below).
The article is short and gets to the point. It explains where the trend is headed on this issue as well as why it is moving in that direction. It also identifies some steps that Officers and Directors can take to help mitigate this risk — while also helping protect their companies from the dangers lurking out in the cyber world.
You can view the full article in the Spring 2015 issue of Ethical Boardroom, which begins on page 108, but I also recommend you take some time to look at the entire issue as it is very informative. As always, feel free to let me know if you have any questions or comments.
Many thanks to CSO Online and Michael Santarcangelo (@catalyst) for his excellent synopsis of our conversation regarding the recent settlement of the Consumer Litigation in the Target data breach lawsuit (note, the more substantive Financial Institutions Litigation has not settled).
Please give the full article a read and also give a shout-out to Michael on his Twitter and let him know what you think so he’ll call me again sometime! :)
Full article: What security leaders need to know about the Target breach settlement
“Cybersecurity” just sounds like something that must be really complicated, right?
Sure it does — it sounds exotic and cool — and complicated. And yes, when you get into the weeds of technical things that hackers (actually, crackers) do to monkey around with computers, it can be mind-boggling.
But, must you really understand all of those things to have some basic cybersecurity protection to help improve the odds for your company?
- How much would your company’s cybersecurity odds improve if nobody in your company ever clicked on a phishing email?
- If 75% wouldn’t?
- If 50% more wouldn’t, after being taught how to think about them, than would have before?
- How hard would it really be to take one day a month and have a lunch-and-learn for your workforce to help teach them how to think about and recognize such attacks, as well as other similar techniques the bad guys use?
Phishing scams, weak passwords, infected USB devices — those aren’t the exotic things that people think about when they hear the word “cybersecurity.” They are the easy(ier) things — the low-hanging fruit in the grand cybersecurity scheme. But don’t forget, even that low-hanging fruit can go a long way toward making a really good cybersecurity pie and save you and your company a whole lot of heartburn!
This is an excellent article that covers a very important topic you need to consider. You — as in Executives and Board Members of Companies all around the world.
Stop, close your eyes, and ask yourself these three questions that are in this article:
- “What did you think of the announcement?” (i.e., put yourself in her position and envision that day)
- “Is there anything in your emails and files that, if exposed, would get you fired?” (this is self-explanatory, but see this related post for advice on this issue: #SonyHack: Will Executives’ Embarrassing Emails Better Motivate Cybersecurity Change?)
- “In the event we experience a breach, what are our priorities?” (again, self-explanatory, but see this related post for advice on planning: Breach Response Planning)
Now check out the full article: The conversation security leaders need to have about Amy Pascal’s departure | CSO Online.