Cybersecurity remains one of the biggest concerns facing the insurance industry. While all levels of operation within an organization are responsible for cybersecurity, recent litigation and regulatory action have demonstrated that the ultimate responsibility for enacting a company’s cybersecurity rests with the board of directors. Many boards of directors have had to defend themselves against shareholders alleging that the board’s failure to take steps to prevent a data breach violated board members’ fiduciary duty of care. Regulators have also stepped up examinations of companies’ cybersecurity programs, sometimes reminding directors that cybersecurity is not merely a question for IT personnel, but rather a high-priority issue that must be addressed from the top-down. To avoid potential litigation or regulatory action, boards should be proactive strive to create company-wide cybersecurity protocols and policies that regularly test cybersecurity systems, require training in cyber risk management, establish a data breach response plan,…
