The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: Boards of Directors

  • From Vol. 3 No.5 (Mar. 8, 2017)

    Preparing For Ransomware Attacks As Part of the Board’s Fiduciary Duty

    Managing enterprise cybersecurity risk is a key obligation of a company’s general counsel and board of directors. The rapidly increasing frequency and sophistication of ransomware attacks in particular have made them a pervasive and challenging part of that enterprise risk. Debevoise partner Jim Pastore spoke with The Cybersecurity Law Report about what GCs and boards need to know about ransomware and how those stakeholders can effectively fulfill the board’s cyber-related fiduciary duty to the company. Pastore will be a panelist at Skytop Strategies’ Cyber Risk Governance conference on March 16, 2017 in New York. An event discount registration link is available to CSLR subscribers inside this article. See also “How In-House Counsel, Management and the Board Can Collaborate to Manage Cyber Risks and Liability (Part One of Two)” (Jan. 20, 2016); Part Two (Feb. 3, 2016).

  • From Vol. 3 No.4 (Feb. 22, 2017)

    A CSO/GC Advises on How and When to Present Cybersecurity to the Board 

    As more boards come to understand cybersecurity as a critical issue that cannot be ignored, briefings on the topic have become more common. Those with the responsibility for presenting such briefings must understand what information is essential for the board to know and how to communicate it effectively. Dr. Chris Pierson, EVP, chief security officer and general counsel for Viewpost, a FinTech payments company, and the former CPO, SVP for the Royal Bank of Scotland’s U.S. banking operations, spoke to The Cybersecurity Law Report about his experiences briefing the board on cybersecurity and shared his insights on the most effective reporting structure, how to obtain buy-in and budget and the importance of communicating business advantage. See also “How In-House Counsel, Management and the Board Can Collaborate to Manage Cyber Risks and Liability (Part One of Two)” (Jan. 20, 2016); Part Two (Feb. 3, 2016).

  • From Vol. 2 No.3 (Feb. 3, 2016)

    How In-House Counsel, Management and the Board Can Collaborate to Manage Cyber Risks and Liability (Part Two of Two) 

    Through engagement, risk assessment and continual review of cybersecurity risks and solutions, directors can mitigate both their own liability and the data security and litigation risks threatening the company. Part two of our two-part series on the board’s critical role in cybersecurity and data privacy issues addresses: how the board can follow up on management presentations; steps it should take after a breach; recent post-breach derivative suit caselaw; and how the board, in-house counsel and management can ensure a strong defense to such derivative actions. Part one provided best practices for management and in-house counsel to educate the board and keep the directors updated on cyber-related issues. See also “The Multifaceted Role of In-House Counsel in Cybersecurity” (Dec. 9, 2015).

  • From Vol. 2 No.2 (Jan. 20, 2016)

    How In-House Counsel, Management and the Board Can Collaborate to Manage Cyber Risks and Liability (Part One of Two)

    “Cybersecurity is an enterprise risk issue that should ultimately rise to the level of the board of directors,” Ivan Fong, senior vice president, legal affairs and general counsel of 3M Company, advised. Understanding the role of the board, and counsel’s role working with the board, is integral for managing cybersecurity risk effectively. Part one of this two-part article series examines the increased role of directors in ensuring companies are appropriately protected against cyber threats and how management, including in-house counsel, should communicate with the board and keep it updated and informed. Part two will address the litigation risks faced by the board and individual directors and how to limit that liability, including details about the role directors should play to satisfy their fiduciary duties. See also “Protecting the Crown Jewels Using People, Processes and Technology” (Sep. 30, 2015).

  • From Vol. 2 No.2 (Jan. 20, 2016)

    Defining, Documenting and Measuring Compliance Program Effectiveness

    The risks of having a cybersecurity compliance program that exists only on paper are well-known, but measuring whether and how the program is actually working, and documenting those findings for internal and external stakeholders, present challenges. A recent program at the SCCE Annual Compliance & Ethics Institute considered how compliance professionals can measure and document steps taken to demonstrate the effectiveness of their compliance programs for cybersecurity and other areas of law. The program featured Scott Hilsen, a managing director at KPMG’s forensic unit, and Jean-Paul Durand, a vice president and chief ethics and compliance officer at Tech Data Corporation. See also “Eight Ways Compliance Officers Can Build Relationships With the ‘Middle’” (Oct. 14, 2015).

  • From Vol. 1 No.4 (May 20, 2015)

    Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats

    How to handle five data privacy danger zones; the board’s role in cybersecurity; public relations strategies after a breach; and clauses to include in cloud vendor contracts were among the hot topics Weil, Gotshal & Manges attorneys discussed at a recent conference. Partners Carrie Mahan Anderson, Jeffrey S. Klein, P.J. Himelfarb, Jeffrey D. Osterman and Michael A. Epstein shared their advice in the panel discussion.

  • From Vol. 1 No.2 (Apr. 22, 2015)

    Shifting to Holistic Information Governance and Managing Information as an Asset

    As companies store more and more data and increasingly rely on that data for a variety of purposes, they are starting to integrate data management into all aspects of the business. In this interview with The Cybersecurity Law Report, Donna L. Wilson, a partner at Manatt, Phelps & Phillips and co-chair of the firm’s Privacy and Data Security practice, discussed how companies should implement holistic information governance as part of enterprise risk management by stressing its importance to the board of directors, designating a corporate “conductor” to bring various stakeholders within the organization together, and conducting an internal inventory to understand what information assets the company has and needs to protect. Wilson also commented on the efforts to share threat information between and among financial firms and law firms.
