In my last article, I noted that corporate boards, especially those of public companies, are facing increased scrutiny and liability exposure in relation to cybersecurity and data privacy. While companies continue to gather and store large amounts of data, they are also more and more likely to be subject to a damaging cyberattack or data breach. The actions and composition of boards will be closely watched in the court of public opinion as well as by the courts themselves and by lawmakers.
The impact of a data breach should not be underestimated. A breach can lead to regulatory investigations by a number of agencies, including the Federal Bureau of Investigation, Secret Service, Immigration and Customs Enforcement as well as through enforcement actions by regulators including State Attorneys General, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), among many others.
Companies also face a potential loss of intellectual property and trade secrets as well as litigation brought by harmed customers, business partners, or shareholders. Major reputational damage and loss of investor confidence can also occur, often accompanied by decreased stock…
