In the wake of cyber attacks against corporations, directors are expected to be well aware that cybersecurity is a critical part of the corporate framework.
Cybersecurity may be defined as the processes and technologies designed to protect computers, computer hardware, networks and data from unauthorized access by cyber criminals and hackers. With repeated attacks against corporations, boards of directors ought to cite cybersecurity as their most pressing risk-related concern.
Generally speaking, those who manage a corporation must answer to the shareholders, the true owners of the corporation. When a data breach occurs, the board of directors is faced with regulatory and litigation risks on the basis that the directors have violated their fiduciary duties by failing to put adequate safeguards in place to protect valuable information belonging to the corporation, whether financial information or customer information. Thus, directors are named as individual defendants.
With the continuous and rapid growth of sophisticated cyber attacks on major corporations, corporations should act quickly to secure sensitive and confidential data relating to the corporation itself and its customers. By having a well-informed, involved, and focused board of directors, corporate governance can be performed properly, and as a result the corporation and its shareholders’ assets will be protected. The Board’s duty of oversight over cyber risk management is vital in ensuring that corporations are adopting adequate steps to prepare for and prevent the various harms that could result from a cyber attack. Ultimately, given the rapid evolution of cyber attacks and the conduct of corporate espionage, directors should understand that there is no substitute for being well prepared for and engaged with cybersecurity risk management, and for supervising the corporation’s measures in addressing and mitigating these risks.