Does the board of directors’ duty of oversight over their companies’ cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I’ve seen many people have difficulty understanding. The answer is “no,” as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders…
Tag: corporate governance
3 More Key Cybersecurity Takeaways General Counsel Should Learn Learn from Yahoo
A good friend recently shared with me the article Verizon GC on the Lessons Learned from Deal with Yahoo (use Linkedin for paywall access) because he thought it would be valuable information to add to my own cybersecurity knowledge toolbox. Given the experience Verizon’s GC has gained through this process, when he talks about lessons […]
5 Key Takeaways from Verizon’s GC on Lessons Learned from Yahoo Deal
A good friend recently shared with me the article Verizon GC on the Lessons Learned from Deal with Yahoo (use Linkedin for paywall access) because he thought it would be valuable information to add to my own cybersecurity knowledge toolbox. Given the experience Verizon’s GC has gained through this process, when he talks about lessons…
Yes, Officers & Directors Can Be Held Personally Liable for Their Company’s Data Breach – Here’s Why
“Can I be held personally liable for my company’s data breach?”
That is one of the questions I am asked most frequently. The answer is “YES!” though the usual reasons provided are not nearly as straightforward as the one discussed in the video below.
4 Ways to Engage Executives in Cyber Risk
The CIO Journal has an informative article, 4 Ways to Engage Executives in Cyber Risk, that discusses a handful of ideas that can be helpful for engaging company executives on the issue of cybersecurity risks. Here are the 4 steps it suggests: Host a cyber risk heat-mapping session Establish key risk and performance indicators Simulate…
3 Key Points the Board Needs to Know About Cybersecurity
Officer and director liability for cybersecurity incidents is a hot topic. It will only get hotter because, when it comes to risks impacting the company, the buck stops at the Board of Directors. As it should. Cybersecurity and corporate governance law are converging to develop a duty for the Board to be involved in cybersecurity issues…
Managing Cybersecurity Risks for Boards of Directors
In his latest Ethical Boardroom article, Shawn Tuma explains why it is important for board members to have an active role in their company’s cybersecurity preparation and tells them several key steps they can take to do so. Tuma also explains why cybersecurity is as much a legal issue and business issue as it is…
Cybersecurity Legal Year in Review – #DtSR Podcast
Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast. In this episode… Most important cybersecurity-related legal developments of 2015 Tectonic Shift that occurred with “standing” in consumer data…
Dear Santa: Shawn Tuma’s Cybersecurity Christmas Wish
Shawn Tuma asks Santa for one cybersecurity Christmas wish — what is yours?
What Do Cybersecurity, Brown M&M’s & Credit Ratings Have in Common?
Of all the examples of pompous extravagance the legendary rock band Van Halen exemplified, one that has always stood out was the band’s contractual requirement that the dressing room has M&M’s — but warned there were to be no brown M&M’s. If any were there, the band had the right to cancel the concert at the…