Key Points
- Companies should critically assess the strength of their cybersecurity defenses against evolving threats, including third parties’ vulnerabilities.
- Recent changes in regulatory expectations for cybersecurity have underscored the need for board oversight of this potential risk.
- Many boards are now revisiting whether and how to assign cybersecurity oversight to a board committee.
- A well-designed governance framework for managing cybersecurity risks can help minimize the legal risks companies and directors will face after an attack. Companies that implement policies and procedures for rapidly reporting, escalating and thoroughly documenting the board’s oversight of cybersecurity issues will be well positioned to defend against post-attack litigation.
Cyber threats continue to grow as a result of increased digitization, widespread use of cloud computing, advanced connectivity and artificial intelligence (AI), requiring boards of directors across all sectors to focus more on overseeing cyber risks.
At the same time, the Securities and Exchange Commission (SEC) now requires public companies to disclose more information on the board’s oversight of…
