This is the second installment of our 9-part series based on information from our latest white paper – a complete copy is available on request.
As a director or member of the board, it is important that you understand how cybersecurity issues affect your usual fiduciary duties. And it’s equally important that you understand what the potential liabilities are. Courts and regulators today are employing stringent standards and analyzing how you identify, assess and address cyber risk. Although the Business Judgment Rule offers certain protection for your decisions and actions, preparedness and planning are still critical to insulating yourself from liability.
Under In re: Caremark International, Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), you can breach your cybersecurity duties by failing to work with management at your company to:
- Implement a monitoring, compliance and risk management program
- Oversee and test the monitoring, compliance and risk management program
- Investigate possible violations once the board has actual or constructive notice of compliance and risk management issues (through whistle-blowers, formal and informal complaints, regulatory inquiries, etc.)