Security breaches have become a staple of the daily news. A national restaurant chain announced in August 2014 that a payment card processing system breach involved 33 restaurants in 18 states and that the incident lasted nearly six months. In December 2013 and January 2014, three major retailers acknowledged cyber-attacks affecting over 70 million customers; in October 2013, a major software company acknowledged that hackers had accessed customer names and card information for up to 2.9 million customers; and in May 2013, a daily-deal company announced that information about more than 50 million users may have been accessed in a cyber-attack. Hackers brought down a major bank’s website in March 2013, and a month earlier, a social media platform announced that hackers had accessed the personal information of as many as 250,000 users. These are just a few examples of recent cyber-attacks against major corporations. Security experts now claim that data breaches and cyber-attacks are not a matter of ‘‘whether,’’ but of ‘‘when.’’ Such attacks cause major headaches for targeted companies, lead to declines in enterprise value, and create significant liability.
As security breaches proliferate, their consequences are becoming increasingly severe. However, a 2012 report by the Carnegie Mellon CyLab, RSA, and Forbes exposes the generally hands-off approach of many corporate boards of directors where cyber threats are concerned. That report found that ‘‘boards still are not undertaking key oversight activities related to cyber risks.’’ Cybersecurity is a highly technical area and not a revenue-generating expenditure, but rather a cost-saving one. Nevertheless, a successful cyber-attack can lead to a drop in share price, regulatory action, negative publicity, and possibly personal liability for board members. As Securities and Exchange Commission (‘‘SEC’’) Commissioner Luis A. Aguilar explained in June 2014 remarks to the New York Stock Exchange (‘‘NYSE’’), ‘‘ensuring the adequacy of a company’s cybersecurity measures needs to be a critical part of a board of director’s risk oversight responsibilities.’’ However, only 31 percent of those surveyed for the CyLab report stated that their boards regularly reviewed reports of security breaches.
Originally Published in BNA’s Banking Report, 103 BNKR 458 - August 26, 2014.