Shearman & Sterling LLP 30 | Cybersecurity – Preparing for the Changing Landscape
WHAT SHOULD BOARDS BE THINKING ABOUT NOW?
CYBERSECURITY – PREPARING FOR
THE CHANGING LANDSCAPE
Lona Nallengara and
Emma Maconick
Topics like corporate culture, board
diversity and sustainability continue
to dominate the discussions among
directors and those that advise them.
These issues are also drawing the
attention of institutional investors
and, more recently, employees and
customers are adding themselves to
the debate. While these issues are
taking up even more space on the
shareholder engagement calendar of
public companies and the "ordinary"
governance issues, such as CEO/board
chair separation or majority voting,
are receiving less attention than in
the past, risk management continues
to be an important priority on the
board agenda. For most companies,
cybersecurity and data protection
are chief among these risk
management issues.
The changes to the cybersecurity
and data protection landscape have
been significant. The growing number
and sophistication of cyberattacks,
INSIGHTS
Cybersecurity and data protection
are not new areas of focus for
directors. Most general counsels
and corporate secretaries are
working with their board chairs to
make more time on the crowded
board agenda to discuss these
issues. Whether the goal is to better
understand the company's risk profile,
assess management's handling of
cybersecurity threats or learn about
emerging trends and best practices,
directors are becoming educated
on these issues, and the recent
developments discussed below
should be part of those discussions.
the involvement of state actors and
cyber-activists and the growing
acceptance of the fact that no
industry or company is immune
compels directors to ensure
preparedness and responsiveness do
not fall off the board agenda or end up
relegated to quarterly briefings by the
chief information security officer or the
head of information technology.