Is the law evolving to hold individuals — specifically CISOs — responsible for companies’ cybersecurity failures? In my opinion, the answer is yes, albeit slowly and incrementally, but it certainly appears to be moving in that direction. Here are some of my thoughts on the SEC’s recently issuing a Wells Notice to SolarWinds’ executives —…
Category: Corporate Governance
A few quotes from my keynote at SecureWorld Boston
Following the outstanding SecureWorld Boston event, my friends at SecureWorld shared Highlights and Insights from SecureWorld Boston 2023 and were kind enough to include a few quotes from my lunch keynote — let me know what you think and please offer your perspective on these ideas: For my friends in the Houston area, get ready,…
Join me and #EnterpriseUniversity for Real-World Cyber Risk Management and Resilience Planning on March 28, 2023!
On Tuesday, March 28, 2023, I will be teaching a class on Real-World Cyber Risk Management and Resilience Planning as part of #EnterpriseUniversity Enterprise Bank & Trust’s education program for business leaders and professionals! Join me for this course, and take a look at all of the live, virtual courses available at no cost to…
Boston Area Friends – Join me for the lunch keynote at SecureWorld Boston on March 23!
I am super excited to share that next week I will be headed to Boston to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Thursday, March 23, 2023, I will present the lunch keynote on Cybersecurity Really Is a Team Sport, since folks…
Charlotte, NC Area Friends – Join me at SecureWorld Charlotte on March 1 & 2!
I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Wednesday, March 1, 2023, I will be leading a full day workshop for SecureWorld Plus registrants on…
Shareholders Can Sue Corporate Officers for Breach of Duty of Oversight in Landmark Ruling — CISOs and CPOs, You Listening?
In a landmark ruling, the Delaware Court of Chancery has recognized that corporate officers owe the company a legal duty of oversight, which has traditionally been an obligation solely of directors, and can be sued by shareholders for breach of that duty. In the cybersecurity and privacy context, what does this mean for Chief Information…
SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance
“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be…
Is This the Next Evolution of Cyber Risk Governance? The SEC Is About To Force CISOs Into America’s Boardrooms
The SEC is proposing to force boards to do what they haven’t done themselves, govern cyber risk. This article makes some excellent points and I believe it is logical to expect that this could be the next evolution for where cyber risk governance is going. “The trigger for the boards that I’m on came from…
Sharing the Load: What are Chief Privacy Officers, Chief Information Security Officers, and General Counsel Doing in Real Life to Divide Up Roles and Responsibilities? (conference panel discussion)
Business leaders are beginning to understand that cyber is not just an IT issue, a legal issue, or any other siloed issue, but that it is an overall business risk issue and that makes managing cyber risk a team sport. This week I had the privilege of moderating a panel discussion that was titled “Sharing…
5 Key Things In-House Counsel Can Do to Help Their Businesses’ Cybersecurity
Cybersecurity is a team sport and many people within a business must work together to help effectively manage their businesses’ cyber risk. In-house counsel plays a critical role in this process. A recent Law360 article (subscription required) identified the following key things they can do: Develop, implement, and table-top test an incident response plan Advise…