• Home
  • Attorneys
    • About
    • Cheryl Cooper
    • Daniel Whitehouse
  • Testimonials
  • Practice Areas
    • Business Law
      • Gig Economy Package
    • Technology Law
      • Data Breach Attorneys
      • Solutions For MSPS
    • Intellectual Property
    • Marketing Law
  • News & Publications
    • Tech Law Tips Podcast
    • Speaking Engagements
    • Blog
    • eNewsletter Sign Up
  • Contact

Orlando: (321) 285-2300 | Tampa: (813) 444-7388

Why Cybersecurity Is a Board-Level Issue

Cheryl Cooper, Esq.
October 21, 2015
Technology Law

Cybersecurity is no longer an issue that can be addressed by handing the IT guy the company AmEx and telling him to buy the latest and greatest antivirus software. Cybersecurity can’t be managed by a single individual with simple solutions. The threats are too sophisticated and the risks are too high. That’s why we’ve discussed the importance of incident response planning, putting your information security policy in writing, understanding what is covered by cybersecurity insurance, and staying up to speed on the latest data breach laws.

But how far up the ladder should cybersecurity go?

According to new research, cybersecurity is widely considered a board-level issue. In fact, a recent Palo Alto Networks survey found that three quarters of respondents agree or strongly agree that their organization’s board of directors has been actively involved in cybersecurity. These findings were reinforced by Gartner’s annual end-user survey for privacy and information security, which revealed that 71 percent of respondents believe IT risk management data had an impact at the board level.

Because of the severe damage that can be caused by a data breach, senior executives are now taking the fall in some cases, not just the employees or vendors who may have opened cyber doors for attackers. The CEO and CIO of Target were both fired after the company’s high-profile data breach that impacted 40 million customers. The Director of the U.S. Office of Personnel Management resigned after hacked personnel databases resulted in the compromised personal data of more than 21 million government employees and family members.

The takeaway here is that cybersecurity is a risk management issue that goes far beyond IT operations and requires board-level oversight. The fiduciary duty of the board of directors is to protect company assets. Those assets include proprietary information, trade secrets, the private data of employees and customers, and the company’s reputation. Directors don’t have to know how to install and configure a next-generation firewall, but they should have access to experts who can advise them on security strategies that can safeguard those assets.

But again, cybersecurity is not just about technology. Whether the board is directly involved in cybersecurity or forms a risk oversight committee for that purpose, there should be oversight of all security policies and processes, from the identification of threats and vulnerabilities to breach notification procedures to business continuity planning. The National Institute of Standards and Technology has released a voluntary Cybersecurity Framework of standards and best practices developed to reduce risk to IT infrastructure and data housed in that infrastructure.

Of course, downloading documents and understanding general principles are one thing. Implementing best practices in a way that addresses privacy, regulatory requirements and legal liability is something quite different. This is why boards of directors would be well-served to seek legal counsel to provide guidance on cybersecurity regulations and policies, which are constantly evolving and require frequent review and evaluation.

A breach can have serious financial repercussions, including lost sales, litigation and compliance fines. The negative publicity alone from a security incident can be staggering in terms of damage to a brand’s reputation. As a result, cybersecurity must be a priority at the board level. It requires company resources, ongoing education and diligence, and the guidance of both IT security experts and legal counsel.

 

 



Office Location
Orlando
Call: (321) 285-2300
1515 Park Center Drive
Suite 2M
Orlando, Florida 32801
    © Copyright 2011 – 2023 Whitehouse & Cooper, PLLC. All rights reserved. Privacy Policy
