Annual Corporate Governance & Executive Compensation Survey

2018 Corporate Governance Survey

Issue link:

Contents of this Issue


Page 17 of 109

CYBERSECURITY – BOARD OVERSIGHT Lona Nallengara and Emma Maconick Shearman & Sterling LLP 16 | Cybersecurity – Board Oversight CYBERSECURITY – BOARD OVERSIGHT Lona Nallengara and Emma Maconick Cybersecurity remains a key focus for boards of public companies. Ransomware attacks, the theft of personally identifiable information and "zero-day" vulnerability exploits continue to fill the headlines, and directors of public companies in all industries should take it as a reminder of their important oversight role in the management of risk and the need to assess both management's ability to properly manage cybersecurity matters and their own capabilities to serve in a meaningful oversight role. The daily media reports are contrasted by a number of past surveys of directors of public and private companies that show staggeringly low responses on questions as to whether the board is getting regular briefings on cybersecurity matters, whether the board has adequate expertise to INSIGHTS a cybersecurity incident affecting all of their investments. As part of their engagement with public companies, institutional investors are increasingly focusing their board governance questions on risk management generally and cybersecurity in particular. Institutional investors want to know that companies have considered their cybersecurity risk profile and will probe companies on the cybersecurity and data security risks they are facing, who could target them and how their security programs and their boards' oversight have developed around these threats. Institutional investors also want to know that there is expertise both in management and on the board that can execute and oversee, respectively, a comprehensive cybersecurity readiness plan. address cybersecurity and whether directors believe cybersecurity is even a board-level issue. Although it may appear that boards have been slow to focus on cybersecurity, that seems to be changing, and actions of institutional investors and governmental authorities are moving boards along. Cybersecurity matters have increasingly been the focus of institutional investors. Although institutional investors are focused on those companies with the greatest vulnerability to cybersecurity attacks, they are increasingly concerned with the impact of business interruptions, compromised personal data, stolen intellectual property and the litigation, reputational damage and the loss of management focus that can result from Liability Business Interruption Stolen Intellectual Property Loss of Management Focus Reputational Damage Cybersecurity Incident

Articles in this issue

view archives of Annual Corporate Governance & Executive Compensation Survey - 2018 Corporate Governance Survey