Corporate Compliance Insights

Developing Corporate Security Policies to Avoid Data Breaches

by Stephanie Resnick
October 30, 2018
in Data Privacy, Featured

Minimizing D&O Cyber Liability

In the second of a series of articles discussing emerging theories of liability for directors and officers, Stephanie Resnick, Philadelphia Office Managing Partner and Chair of the Directors’ and Officers’ Liability Practice Group at Fox Rothschild, and John Fuller, an associate and member of the Directors’ and Officers’ Liability Practice Group at Fox Rothschild, examine the potential legal fallout from a corporate data breach and the best practices for developing comprehensive digital security policies.

with co-author John Fuller

Companies of all sizes face constant cyber threats, ranging from corporate espionage and the piracy of proprietary information to digital thieves stealing funds from online accounts. While directors and officers must be concerned about these cyber threats to corporate assets, in recent years, widespread data breaches – particularly those involving consumer information – have emerged as a significant source of liability for directors and officers themselves. The technological safeguards and procedures for responding to cyberattacks are complex and often involve sophisticated technologies. Nevertheless, officers and directors must understand the steps the company is taking to protect its digital assets.

Recent class action litigation in the wake of catastrophic data breaches has demonstrated how potential litigants may seek to hold directors and officers liable when a breach of corporate security measures occurs.

For instance, in September 2017, credit monitoring and reporting firm Equifax announced a cyber “incident,” which may have disseminated personal and credit information of as many as 143 million U.S. customers. One securities class action complaint filed in the wake of the breach asserted a direct nexus between oft-pled allegations that the company failed to maintain adequate measures to protect its data systems and the precipitous decline in Equifax’s stock price following the announcement of the data breach. This connection between a data breach and a decline in stock price creates demonstrable damages, even though the potential harm resulting from the misuse of the misappropriated information is incalculable.

To address cyber threats, directors and officers must critically assess the company’s digital assets, implement appropriate security measures based on the nature of the company’s assets and known threats and, significantly, vigilantly monitor the evolution of threats and available safeguards.

In order for directors and officers to discharge their duties in evaluating threats and assessing whether their protections are adequate, directors and officers must personally understand how their company’s technologies work and how the selected safeguards are designed to react to potential threats. Directors and officers cannot merely rely on technology officers and employees, and must be in a position to genuinely engage in the decisions made to protect the company’s technological assets. Boards may, however, create subcommittees to address threats to their corporate technology, provided that the committee’s recommendations are meaningfully implemented by the board and the company as a whole.

A comprehensive digital security program must respond to every digital security incident in some manner. Seemingly innocuous anomalies or “phishing” may be preliminary attempts by cyber criminals to probe for weaknesses in a company’s security. Further, because the reasonableness of the board’s efforts to protect digital assets is measured in part by the known and potential threats to a specific industry or company, the failure to evaluate and upgrade security in response to smaller incidents could create liability if a catastrophic breach occurs.

Further, boards should be aware of their reporting requirements with respect to the adequacy of their defenses to cyber threats and any attacks the company has experienced. Recently, the Department of Defense has implemented formal cyber-reporting rules for government contractors, and the Federal Communications Commission and U.S. Securities and Exchange Commission have brought enforcement actions against companies for their failure to implement proper cybersecurity safeguards.

Finally, digital security policies must extend beyond computer systems and must include training for management and employees. Human beings are often the weakest point in digital security, and all effective policies must take this vulnerability into account. Accordingly, the board, management and employees should understand protocols for responding when a breach occurs and should also receive training regarding email “phishing” and other scams cyber criminals use to gain access to corporate networks.

Directors and officers are ultimately responsible for ensuring appropriate cyber safeguards are in place. As the threats to data security and defenses continue to grow more complex, the fundamental best practice remains the same: genuinely understanding the threats to the company’s digital assets and fostering compliance with the security policies designed to meet those threats.


Stephanie Resnick

Stephanie Resnick is the Office Managing Partner of Fox Rothschild’s Philadelphia office and is Chair of the Directors’ & Officers’ Liability & Corporate Governance Practice Group. She is consistently ranked among the top business trial lawyers both regionally and nationally and is lauded by her colleagues and peers for her strategic handling of high-stakes, complex business disputes in the federal and state courts of Pennsylvania, New York, New Jersey and beyond. She has served as lead counsel in numerous high-profile litigation matters. She has been noted by peers in top publications such as The Best Lawyers in America, Chambers USA and Benchmark Litigation as “one of the best litigators in the city – aggressive, driven and responsive.” She has an “easygoing but powerful presence” and is noted for her “ability to handle things calmly while maintaining an unflinching stance.” Stephanie is also a member of the firm’s Executive Committee. She previously chaired the firm-wide national Litigation Department, overseeing more than 250 attorneys in 21 offices, a position she held for seven years. In state and federal courts across the United States, she has earned a reputation for sound judgment and innovative problem solving. Corporate executives, Fortune 500 companies and family-owned businesses turn to Stephanie for solutions to their most difficult and sensitive personal and professional issues.
