Last month, we discussed the recent federal court decision that allows whistleblowers to sue board members directly for retaliation.  Now, it seems as though board members are assuming a bigger role in managing another corporate legal issue: cyber-attacks.

In a recent survey of board members by NYSE Governance Services and Veracode, 60% of respondents expect to see an increase in shareholder lawsuits due to cybersecurity related issues. While the expected increase in cyber-attacks should come as no surprise given recent events, with these increasing attacks seems to come an increasing call by boards for oversight and accountability.  

The survey indicates that 89% believe that businesses should be held liable if reasonable efforts are not made to secure customer data.  Eighty percent are said to have brought up the issue of cybersecurity liability in boardroom discussions with 77% noting that their companies have already increased their security assessments.

This call for accountability has led many companies to begin putting safeguards in place to protect themselves should a cyber event occur.

1. Liability Clauses: Many companies have begun inserting liability clauses into contracts with third-party providers in order to protect the company should a cyber-attack occur due to vulnerabilities in third-party software.
2. Security Assessments: This survey indicated that 77% of respondents have increased their security assessments.  In light of the numerous cyber breaches occurring, it only makes sense to test your company’s security more frequently in order to find any holes before the hackers do.
3. Cybersecurity Insurance: Companies have started carrying some form of cyber coverage in order to mitigate financial loss after a breach.  One thing to note with cybersecurity insurance: most carriers require that a company show that it took all reasonable steps to protect data before the carrier will pay out any claims.

Cybersecurity issues are here to stay and only seem to be increasing in importance for companies in all industries.  Taking the necessary steps to protect your company from a cybersecurity breach, as well as from any resulting financial liability, are critical protections that must be put in place.