Are the directors of a company hit by a cyberattack liable for negligence in failing to take steps to limit the risk.
As the risk of a cyberattack grows, it is pivotal to consider whether the directors of a company hit by a ransomware attack, for example, can bear any liability for negligence in failing to take steps to limit the risk.
During the past few weeks, I had the pleasure of running a presentation on how to deal with the risk of ransomware cyberattacks on corporations for the benefit of members of the “In the Boardroom” training course dedicated to professionals who are or aspire to become board members of publicly traded companies. As part of the presentation, we tried to give practical guidance and shared some “lessons learned” from previous cyberattacks. And the number of questions showed how the issue is relevant and the possible liability for directors.
This article aims to provide recommendations to directors of listed and unlisted companies on actions to take in advance, during, and after a cyberattack.
The size of the cyber risk to companies cannot be underestimated
To indicate the size of…
