Director Oversight of Cybersecurity: Answers to Key Questions
Lane Powell Shareholder Doug Greene authored a December 13 Puget Sound Business Journal article titled “Director Oversight of Cybersecurity: Answers to Key Questions.” In the article, Greene provided answers to some of the key questions that corporate directors are asking regarding their companies’ cybersecurity practices, including:
“What are the board’s fiduciary duties in the area of cybersecurity oversight?” He stated that:
Board oversight of cybersecurity conceptually is no different than oversight of any other area of risk. The board must take good-faith steps to ensure that the company has systems designed to address cyberattack prevention and mitigation, and to follow up on any red flags it may see. The board’s decision making is protected by the business judgment rule.
It is important for directors to understand that cybersecurity oversight isn’t exotic. With the help of experts — on whom directors are entitled to rely — boards can ask the same types of questions they’re used to asking about other types of risk and gain a similar degree of comfort.