Protecting Directors from Liability for Cybersecurity Risks
As we have noted in a number of recent posts, corporate cybersecurity risks have become a leading concern for both boards of directors and the SEC. Our colleagues David Barres and Dom Picca recently published an article on "Director Liability for Cybersecurity Risks" in Corporate Counsel, in which they advise corporate boards on how to protect themselves against lawsuits claiming that the directors breached their fiduciary duties by failing to ensure adequate corporate cybersecurity. They also review the principles governing fiduciary duty suits and related litigation concerning data security. In one recent shareholder derivative suit, for example, the plaintiff claimed that the president/CEO/director of a software company breached his fiduciary duties by taking actions that allegedly compromised client security, exposed the company's website to hacking, and violated data-privacy laws. David and Dom list specific steps that directors can take to improve board oversight of corporate cybersecurity, thereby showing that they have met their fiduciary duties in this area. Their article also discusses potential gaps in director and officer insurance coverage for cybersecurity litigation and what boards can do to close those gaps. For more recommendations for directors on cybersecurity and insurance issues, see the Cyber Risks Boardroom Series on Mintz Levin's Privacy and Security Matters blog.