Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability

Let’s face it — data security is significant problem for corporate America.  If you don’t think so, here’s a statistic that may help convince you: in Q1 2019 alone, there were 1.9 billion records exposed. In fact, a business falls victim to a ransomware attack every 14 seconds.  That’s right — every 14 seconds.  In fact, the global cost of online crime is expected to reach $6 trillion by 2021.  Sadly, there are lot more statistics where those come from, and they are not encouraging.  Suffice it to say that businesses must take their cybersecurity very seriously.  Thankfully, may companies already take steps to secure their data, but oddly, many companies think that such measures are an IT function and that any data security program does not merit serious “board-level” oversight. Such an approach is asking for trouble, in more ways than you may think.

Let’s set a foundation that every company must understand: data security is not solely an IT function.  Don’t take my word for it — the National Association of Corporate Directors (NACD) Director’s Handbook on Cyber-Risk Oversight lists five (5) core principles that are applicable to board…