7 tactics for winning the cyber war, Part 2: Know your role

This is the second of our 9-part series based on the information from our latest white paper – a complete copy is available by request.

As a director or member of the board, it is important that you understand how cybersecurity issues affect your usual fiduciary duties. And it’s equally important that you understand what the potential liabilities are. Courts and regulators today are employing stringent standards and analyzing how you identify, assess and address cyber risk. Although the Business Judgment Rule offers certain protection for your decisions and actions, preparedness and planning are still critical to insulating yourself from liability.

Under In re: Caremark International, Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), you can breach your cybersecurity duties by failing to work with management at your company to:

• Implement a monitoring, compliance and risk management program
• Oversee and test the monitoring, compliance and risk management program
• Investigate possible violations once the board has actual or constructive notice of compliance and risk management issues (through whistle-blowers, formal and informal complaints, regulatory inquiries, etc.)

It isn’t enough to just have cybersecurity protocols and risk management programs. You must consistently monitor them and take action if you think there is an issue. To learn just how much action you need to take for the Business Judgment Rule to come into effect and how to properly investigate a cyber incident, request a copy of our complete white paper “7 tactics for winning the cyber war: Battles strategies for directors and officers.”