Board members play a key role in ensuring their organisations are protected against cyber threats. They are responsible for setting the tone at the top and ensuring that cyber security is prioritised at the highest levels of the organisation. Legal and ethical responsibilities demand that board members stay informed about the cyber security landscape and the specific risks facing their organisations.
Failure to comply with cyber security regulations can lead to severe consequences, including substantial financial penalties, legal action and irreparable damage to the organisation’s reputation. Recent incidents have demonstrated that board members can be held personally accountable for lapses in cyber security, facing both legal and reputational risks.
A devastating example is the case of Uber’s former security chief, Joe Sullivan, who was convicted of concealing a data breach. According to testimony reported by Courthouse News Service (2022), Craig Clark, an in-house attorney at Uber, stated that this secrecy was approved by the “A-Team”, which included Uber’s ex-CEO, Travis Kalanick, who knew of and approved the payment of a ransom to the hackers, which ultimately led…