Assuring cybersecurity has become a necessity for businesses across all industries. Cybercrime — with over $1 trillion in annual profits — is now the most lucrative illegal global business. Any business with computers and internet access is vulnerable not only to outsiders waiting to pounce but also from within the enterprise as a result of human error or bad intentions. Given the size of this problem, it is not surprising that the National Association of Corporate Directors has stated that to make real progress in the cybersecurity area, businesses must treat cybersecurity as a matter of “corporate best practices” and not just a technology issue. Companies face the risk of substantial damage from loss of customer confidence, decrease in market value and damage to their reputations as well as litigation and regulatory risks in the event of a cybersecurity breach. In October, the Department of Homeland Security sponsored Cybersecurity Awareness Month in an effort to raise awareness and educate Americans about cybersecurity and to increase the resiliency of the nation’s cyber infrastructure. Now may be the perfect time for you, too, to refocus on whether your business has adequately planned for the security of its assets.

I. Overview of State and Federal Privacy, Security and Breach Laws

From a regulatory perspective, federal and state laws create obligations on how companies must protect data and maintain cybersecurity. Under federal law, certain industries have heightened obligations as a result of laws such as HIPAA and Gramm-Leach-Bliley. In addition, the federal securities laws, including Sarbanes–Oxley, require that corporate leadership maintain adequate controls over their systems, which could be implicated upon a cybersecurity breach. Finally, boards of directors of all companies have fiduciary duties to their companies, such as the duty of care, resulting in individual exposure for corporate leadership upon the occurrence of a loss caused by a cybersecurity breach. While this article is focused on the duties of directors, recent Delaware cases have found officers generally have the same duties as directors.

Topics: Cyber Crimes, Cybersecurity, Data Protection, Fiduciary Duty, Gramm-Leach-Bliley Act, HIPAA, Publicly-Traded Companies, Reporting Requirements, Risk Management, Sarbanes-Oxley

Published In: Business Organization Updates, Privacy Updates, Science, Computers & Technology Updates, Securities Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Walker | Attorney Advertising
