The (Somewhat) Good News and Bad News of Corporate Cyber Readiness
The NACD's recently released Public Company Governance Survey contains both troubling and encouraging findings concerning the current state cybersecurity risk readiness.
November 30, 2017 at 12:00 PM
4 minute read
The National Association of Corporate Directors (NACD) recently released the results of its flagship 2017-2018 Public Company Governance Survey, which identifies key areas of concern for corporate directors. This year's survey results contain both troubling and encouraging findings concerning the current state cybersecurity risk readiness at public companies.
Not surprisingly, the survey of 587 corporate directors of 520 public companies identified cyber security threats among the top five trends predicted to have the greatest effect on companies over the next 12 months, trailing behind only risks associated with significant industry change, business model disruption, and changing global economic conditions.
|The (Somewhat) Good News
The encouraging news from the survey is that boards seem to be slowly gaining a better understanding of cybersecurity risks, enabling them to better vet and question the information they receive from corporate management about cyber risks. This year, 15 percent of directors believe that their boards have very little or no knowledge of cyber risks, compared with 22 percent in 2015. By any measure, however, 15 percent is a remarkably high number for public companies concerning this critical risk.
On a brighter side, it appears that more of today's corporate directors are not blindly accepting internal reporting concerning their company's state of cyber readiness. Twenty-two percent of directors indicated dissatisfaction with the quality of cyber risk information they receive from corporate management. Those directors do not believe that they have adequate transparency into the company's cyber security problems or that the information they are receiving does not allow for effective internal and external benchmarking.
These should be critical areas of concern for every corporate director, as responsibility and liability for cybersecurity is beginning to reach board levels, as exemplified by the New York State Department of Financial Services (DFS) Cybersecurity Regulation, which contains explicit board responsibilities and mandates written certification of compliance with the regulation by the board or a senior officer. It is widely anticipated that other regulators will follow DFS's lead and adopt similar regulations, further increasing the cyber risk stakes for corporate directors.
|The Bad News
The survey also contain some findings that have no silver lining. Only 37 percent of directors are confident or very confident that their companies are properly secured against a cyber attack, while 60 percent indicated that they are only slightly or moderately confident. Three percent responded that they are not at all confident. In the survey's Executive Summary, the NACD noted that the lack of board confidence “may be driven by the fact that existing defense systems quickly become obsolete when cyber threats mutate and companies adopt new technologies.”
|Final Thoughts
This year's NACD survey provides an important reality check for directors and their legal counsel concerning the current state of board awareness and competence relating to cyber risk. Those risks are now firmly on the shoulders of today's corporate directors. Indifference to the risks or simply accepting internal reporting about them will not suffice, given their gravity and the financial, competitive, and reputational impact they can have on the enterprise. To protect themselves and their companies, corporate directors need to engage in active, engaged, informed, and documented oversight of cyber risks.
Judy Selby JD is a Principal of Judy Selby Consulting LLC and a senior advisor at Hanover Stone Partners LLC. She provides insurance consulting, cyber insurance analysis, and insurance coverage expert witness services, with a particular focus on cyber-related issues.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250