
Director & Officer Initiatives Involving Cyber Risks

Help Minimize Potential for D&O Lawsuits Resulting from Cyber Attacks

On several occasions we’ve discussed the emerging cyber risk facing directors and officers, and the need for executives and the company board to take the necessary steps to address and oversee their companies’ cyber risks. Although there is no case law outlining the extent of a director’s duty of care with respect to data security, it’s becoming increasingly clear that management should play a key role in ensuring a robust data-security program is in place in order to minimize the risk of litigation.

For example, after its breach Target was hit with derivative shareholder lawsuits against its directors and officers, and the cases are still pending. These lawsuits named 13 of Target’s directors and officers as defendants and asserted claims for breach of fiduciary duty and waste of corporate assets, among others. The shareholders challenge not only the directors’ and officers’ conduct before the data breach, alleging their misconduct allowed the data breach to happen, but also their conduct following discovery of the data breach, asserting the directors and officers acted improperly in the way they disclosed, investigated, and remediated the data breach.

While a board in its oversight role cannot be expected to become the company’s IT experts, legal professionals recommend that boards consider the following initiatives:

  • Ensure that data privacy and data security, and the resources devoted to those areas, are a regular topic of discussion at board meetings, including holding regular presentations on these topics by officers of the company knowledgeable about them.
  • Depending on the company’s specific risk profile and circumstances, designate one of the board’s committees to have primary oversight on data security and ensure that the company’s data-protection measures, and any noted issues, are discussed regularly at meetings of the relevant committee.
  • Retain third-party consultants periodically to assess the company’s data-protection systems and to suggest areas for improvement.
  • Consider carefully any deficiencies identified in these assessments, and document the steps taken to remediate them, if necessary.
  • Set up a cross-functional incident response team comprising legal, IT, customer service, public relations, and other personnel. The team should be primarily responsible for investigating and responding to any eventual data breach.
  • Investigate thoroughly any allegations of a data breach, including meeting with incident-response personnel or senior executives as appropriate. Be sure to document the company’s efforts to address the cause of any such breach, along with any other remediation efforts and steps taken to address security vulnerabilities, if any, identified in the investigation.

As data breaches become more prolific and increasingly challenging for companies to prevent, directors and officers should take concrete actions, both prior to a breach and in the aftermath of one, in order to demonstrate their diligence and good faith in addressing this growing area of risk. This will help not only with the reputation of the company but also protect the directors and officers from allegations that they did not take sufficient measures to prevent the breach or to investigate it.

Axis Insurance Services provides Directors & Officers Liability insurance to public, private and non-profit companies. To discuss your insurance program, call us at (877) 787-5258.

Source: Hogan Lovells Law Firm


Blogged on: April 20, 2015 by Mike Smith