Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom

New York's Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think -- including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your [...]

Improving Your Cybersecurity Plan, Explained by Paul Ferrillo in WSJ

The Wall Street Journal did an interview of my friend, collaborator, prolific author, and the the original Cyber Patriot, Paul Ferrillo to discuss how companies can make their cybersecurity plan better. Here is the full article: Making Your Cybersecurity Plan Better Paul and I are both firm believers in focusing on the basics so that [...]

Yes, Officers & Directors Can Be Held Personally Liable for Their Company’s Data Breach – Here’s Why

"Can I be held personally liable for my company's data breach?" That is one of the questions I am asked most frequently. The answer is "YES!" though the usual reasons provided are not nearly as straightforward as the one discussed in the video below.

Cybersecurity Legal Issues: What you really need to know (slides)

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies' Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides [...]

3 Key Points the Board Needs to Know About Cybersecurity

Officer and director liability for cybersecurity incidents is a hot topic. It will only get hotter because, when it comes to risks impacting the company, the buck stops at the Board of Directors. As it should. Cybersecurity and corporate governance law are converging to develop a duty for the Board to be involved in cybersecurity issues [...]