Growing Concerns Over Cybersecurity
By Cydney Posner
Following is a link to an article discussing the increasing importance of cybersecurity for in-house counsel and directors. The concerns have been triggered by the apparent ease with which even very sophisticated people and systems have recently been hacked. Clearly, problems in addressing these issues pose a threat, not just to the company hacked, but more significantly, to the technology industry as a whole. The article cites a new survey of 1,957 general counsel and 11,340 corporate directors showing that "data-security concerns are now top of mind at many corporations. For the first time in 12 years the results of the ‘Law and the Boardroom Study,' conducted by FTI Consulting and corporate governance information company Corporate Board Member, show data security as the most prevalent concern among both groups (48 percent of directors and 55 percent of general counsel), topping the perennial front-runners—operational risk and reputation." Moreover, 33% of GCs " ‘believe their board is not effective at managing cyber risk,'… one of the worst ratings of board effectiveness, according to the report….'Less than half (42 percent) of directors said their company has a formal, written crisis management plan [in the event of cyberattack]; just over a quarter (27 percent) said their company has no such written plan, and nearly another third (31 percent) were uncertain,' the study states."
Nevertheless, in what may be a remarkable exhibition of cognitive dissonance, 77% of directors and GCs believe, despite the absence of crisis plans, "'their company is prepared to detect a cyber breach should one occur,' according to the study." According to the article, "the Department of Energy is encouraging electric-power companies to adopt a separate board altogether that's just devoted to cyber-risk governance, as Network World reports. Under the recommendation,… a ‘cybersecurity governance board' would ‘develop a cybersecurity strategy for the utility and recruit a new vice president of cybersecurity to implement a program based on the strategy'." Of course, no one expects that most non-utilities will go that far, but wishful thinking may not be enough to do the trick.
This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.