In a landmark ruling, the Delaware Court of Chancery has recognized that corporate officers owe the company a legal duty of oversight, which has traditionally been an obligation solely of directors, and can be sued by shareholders for breach of that duty. In the cybersecurity and privacy context, what does this mean for Chief Information…
Tag: corporate governance
SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance
“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be…
Does Board Oversight of Cybersecurity Mean Directors Must Become Cybersecurity Experts?
Does the board of directors’ duty of oversight over their companies’ cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I’ve seen many people have difficulty understanding. The answer is “no,” as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders…
3 More Key Cybersecurity Takeaways General Counsel Should Learn from Yahoo
A good friend recently shared with me the article Verizon GC on the Lessons Learned from Deal with Yahoo (use Linkedin for paywall access) because he thought it would be valuable information to add to my own cybersecurity knowledge toolbox. Given the experience Verizon’s GC has gained through this process, when he talks about lessons […]
5 Key Takeaways from Verizon’s GC on Lessons Learned from Yahoo Deal
A good friend recently shared with me the article Verizon GC on the Lessons Learned from Deal with Yahoo (use Linkedin for paywall access) because he thought it would be valuable information to add to my own cybersecurity knowledge toolbox. Given the experience Verizon’s GC has gained through this process, when he talks about lessons…
Yes, Officers & Directors Can Be Held Personally Liable for Their Company’s Data Breach – Here’s Why
“Can I be held personally liable for my company’s data breach?”
That is one of the questions I am asked most frequently. The answer is “YES!” though the usual reasons provided are not nearly as straightforward as the one discussed in the video below.
4 Ways to Engage Executives in Cyber Risk
The CIO Journal has an informative article, 4 Ways to Engage Executives in Cyber Risk, that discusses a handful of ideas that can be helpful for engaging company executives on the issue of cybersecurity risks. Here are the 4 steps it suggests: Host a cyber risk heat-mapping session; Establish key risk and performance indicators; Simulate…
3 Key Points the Board Needs to Know About Cybersecurity
Officer and director liability for cybersecurity incidents is a hot topic. It will only get hotter because, when it comes to risks impacting the company, the buck stops at the Board of Directors. As it should. Cybersecurity and corporate governance law are converging to develop a duty for the Board to be involved in cybersecurity issues…
Managing Cybersecurity Risks for Boards of Directors
In his latest Ethical Boardroom article, Shawn Tuma explains why it is important for board members to have an active role in their company’s cybersecurity preparation and tells them several key steps they can take to do so. Tuma also explains why cybersecurity is as much a legal issue and business issue as it is…
Cybersecurity Legal Year in Review – #DtSR Podcast
Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast. In this episode… Most important cybersecurity-related legal developments of 2015; Tectonic Shift that occurred with “standing” in consumer data…