In the wake of the onerous settlement imposed on Target Corporation arising from its data breach, the cyberattack against Equifax and its aftermath, the U.S. Securities and Exchange Commission’s (SEC’s) own questionable handling of its data breach, and ongoing data breach lawsuits against directors, public company directors are rightfully concerned about their cybersecurity oversight duty.

To fulfill their duties of care and loyalty, state laws require boards to ensure the implementation of reporting and information systems, and to monitor and oversee these systems. As long as directors fulfill these duties, directors reduce the risk of personal liability in the wake of a data breach. Nevertheless, given the continuous rise of cyberattacks against companies, directors know that stakes are high and are looking for guidance on how to best protect their companies. The resulting fallout from recent data breaches provides real-life case studies that can help boards develop technical literacy around cybersecurity and best practices for their oversight responsibility so that they can work with management to identify new risks and avoid pitfalls. Click here to read the full article.