Cybersecurity Awareness Month - October 2023
In today’s fast-paced world, technology is in a perpetual state of evolution; an ever-changing landscape that consistently pushes the boundaries of what we once thought possible. With each passing moment, innovations emerge, algorithms improve, and devices become smarter and more intuitive.
Technology changes the world. Minute by minute. Day by day. Before our very eyes. This relentless transformation has become an intrinsic part of our lives, shaping the way we communicate, work, and live, while challenging us to adapt, learn, and embrace the exciting possibilities of the future.
Transformative technology carries the convergence of so many things, it is the mix of function and technical training. Industries that were once siloed, practicing in only one domain, now run together. We see manufacturing companies getting into healthcare, telephone companies getting into energy, and government and public services exploring regulation and policy. There is an incredible interdisciplinary effort among us all streaming together.
Cybersecurity and Executive Liability
In observation of Cybersecurity Awareness month, we are focusing on the intersection of Cybersecurity with Executive Liability risk. Executive officers and members of Boards of Directors owe two primary fiduciary duties to their organizations – the duty of care, and the duty of loyalty. The duty of care is the level of care that a prudent person would use under similar circumstances. The duty of loyalty requires that members refrain from benefiting themselves at the expense of the corporation that they serve.
For years, the SEC has warned companies of cybersecurity risks, specifically related to reporting obligations and subsequent legal actions pursued. Directors and Officers can be held liable for omissions or misrepresentations in the company’s public disclosure, which could include disclosures about the status of cybersecurity incidents, risks, and preventative measures taken. This presses Directors and Officers to understand, implement, and monitor safeguards accordingly. The costs associated with data breaches are significant and lead to investigations by state or federal agencies, regulatory fines and sanctions, private litigation, shareholder suits, and undoubtedly, personal liability for officers and directors.
Cybersecurity has ranked as a top political issue for Directors and Officers, trailing only the economy and the regulatory environment. Many boards struggle with how to effectively execute their duties to the company with respect to Cyber risk management. There is a lack of processes and the expertise they need to surface, evaluate, and address this risk. Executives and board members are encouraged to consult counsel regarding cybersecurity compliance and initiatives. In this complex regulatory landscape, seeking strong corporate defense and compliance best practices is of utmost priority.
How To Strengthen Cybersecurity Board Oversight
Sentinel recommends these eight principles for stronger Cybersecurity Board Oversight:
Evaluate the organization’s approach to Cybersecurity as an enterprise-wide risk management issue and assess the firm’s overall cyber risk management strategy.
Research and understand the cyber risk and the legal implications as they relate to the organization’s specific circumstances. Consider whether you need additional in house or third-party experts to fully assess your exposures.
Set the expectation that a management framework with adequate staff and budget is in constant motion.
Provide adequate access to cybersecurity expertise coupled with ongoing discussions about cyber risk management. Be consistent and allow sufficient time on board meeting agendas for discussions.
Board Management discussion of cyber risks should include multiple, diversified perspectives. Be sure to consider empowerment of the CISO voice. A strong Cyber expert is imperative to establish overall risk posture.
Develop Data Breach Response Plans. Specific plans should be associated with each approach.
Test the organization’s response plan with periodic Cyber exercises and address any chinks in the armor found.
Perform due diligence on your cyber insurance broker. Your insurance representative should be leveraging the work performed by your firm to negotiate the terms and premiums of your insurance program. It is imperative to engage with an expert cyber and executive liability brokerage team. Have your broker present an overview of the cyber and executive liability programs directly to the board and be available for questions.
Safeguarding Your Success
Sentinel is the premier independent broker with expertise in Executive, Professional, and Cyber/Network Security Liability. Advantages of consulting with Sentinel include:
Sentinel guides the creation of an environment for careful Cybersecurity and Executive Liability consideration. Contact our team today to learn more.