In a recently published survey of corporate directors and officers, cyber and privacy risks topped the list of global boardroom concerns. The survey report, titled Personal Exposure to Global Risks, compiled the views of 161 directors, non-executive directors, partners, in-house lawyers, risk officers, and compliance professionals around the world with regard to the top risks facing their enterprises.
Corporate boards are facing mounting pressure concerning their oversight of data security and privacy risks. Regulatory guidance, emerging regulatory requirements, fines, and lawsuits combined with technological advances and changing business processes are shaping a new and evolving standard of care with exponentially increasing exposures for today’s directors and their organizations. Boards now find themselves front and center when it comes to dealing with these difficult issues, which dramatically increases their need for effective reporting from management and other subject matter experts.
As explained in this post from Wilson Elser and DAC Beachcroft, the NY DFS cyber security regulation explicitly places cyber responsibility on corporate boards. Smart companies are re-examining their D&O and cyber insurance policies in light of this new exposure.
For the past decade, the duty of corporate directors to oversee corporate risk has become more and more pronounced. Over the past several years, however, cyber and data handling risks have emerged as perhaps the most challenging of the areas requiring board oversight.