As I have noted in prior posts (most recently here), the current coronavirus outbreak presents corporate boards with a number of challenging issues. In the following guest post, Nick Goldin, Eric Swedenburg and Brad Goldberg of the Simpson Thacher law firm review the considerations that corporate boards should take into account as their companies grapple with the challenges that the pandemic poses. The authors extend their appreciation to Sarah Eichenberger for her substantial contributions to this piece. A version of this article previously was published as a Simpson Thacher client memorandum. I would like to thank the authors for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article.
Continue Reading Guest Post: Considerations for Corporate Directors As Their Companies Confront COVID-19

David M. Furbush
David M. Lisi

Cybersecurity issues are currently at the top of the agenda for corporate boards. In the following guest post, David M. Furbush and David M. Lisi of the Pillsbury law firm review what corporate directors should understand about their companies’ cybersecurity risks and how boards can go about proactively participating in decisions about what to do to mitigate these risks. I would like to thank David and David for their willingness to allow me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is David and David’s guest post.
Continue Reading Guest Post: What Corporate Directors Need to Know about Cybersecurity

Peregrine_M_7869_L
Michael W. Peregrine

In the following guest post, Michael W. Peregrine, a partner at the McDermott, Will & Emery law firm, take a look at regulators’ new “gatekeeper” expectations that now face corporate directors. This article is reprinted with permission from Corporate Board Member, First Quarter, 2016. I would like to thank Michael for his willingness to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Michael’s guest post.
Continue Reading Guest Post: Managing Gatekeeper Anxiety

klein_dennis_web
Dennis Klein

The financial crisis generated a great deal of litigation, much involving the directors and officers of companies affected by the crisis. As the crisis recedes further into the past and as the litigation it generated winds down, it is worth taking a look at what happened to determine what can be learned from the litigation. In the following guest post, Dennis Klein of the Hughes Hubbard & Reed law firm provides an overview of what he views as the takeaways for corporate directors and officers from the financial crisis D&O litigation. A longer version of this article will appear in the April 2016 issue of The Review of Banking and Financial Services. I would like to thank Dennis for his willingness to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this site. Please contact me directly if you would like to submit a guest post. Here is Dennis’s guest post.
Continue Reading Guest Post: Seven Lessons Learned from D&O Litigation During the Financial Crisis  

capitoldomeIt is not news that cybersecurity is a serious corporate and domestic security concern. But despite continuing revelations of high-profile data breaches, cybersecurity is an area (OK, one of the many areas) where Congress has been slow to act. While there is still as yet no comprehensive Congressional attempt to tackle cybersecurity as an issue and as a phenomenon, two U.S. senators have now introduced a bipartisan bill that would require publicly traded companies to disclose the cybersecurity expertise or experience that is represented on its board of directors or to disclose what other steps the company has taken to identify or evaluate nominees for this board level cybersecurity position.
Continue Reading Senate Bill Would Require Disclosure Concerning Corporate Boards’ Cybersecurity Expertise

Stark Photo
John Reed Stark
Fontaine
David Fontaine

It is well understood by now that cyber security is a concern for every organization and that it is an issue on which every company’s board should be focused. But what specifically should boards of directors be worried about and what questions should they be asking? In the following guest post, John Reed Stark and David R. Fontaine take a look at the ten cybersecurity concerns on which every board of directors should be focused. John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm.  David Fontaine is Executive Vice President, Chief Legal & Administrative Officer and Corporate Secretary of Altegrity, a privately held company that among other entities, owns Kroll’s data breach response services. The authors’ complete biographies appear at the end of the post. This article was previously published on CybersecurityDocket.com, an online global cybersecurity and incident response report, and a division of Docket Media.

I would like to thank the authors’ for their willingness to publish their article on this site. I welcome guest posts from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. The authors’ guest post follows.

*************************************

Every board now knows its company will fall victim to a cyber-attack, and even worse, that the board will need to clean up the mess and superintend the fallout.

Yet cyber-attacks can be extraordinarily complicated and, once identified, demand a host of costly responses. These include digital forensic preservation and investigation, notification of a broad range of third parties and other constituencies,[1] fulfillment of state and federal compliance obligations, potential litigation, engagement with law enforcement, the provision of credit monitoring, crisis management, a communications plan – and the list goes on.

And besides the more predictable workflow, a company is exposed to other even more intangible costs as well, including temporary or even permanent reputational and brand damage;[2] loss of productivity; extended management drag; and a negative impact on employee morale and overall business performance.

So what is the role of a board of directors amid all of this complex and bet-the-company workflow? Corporate directors clearly have a fiduciary duty to understand and oversee cybersecurity, but there is no need for board members (many of whom have limited IT experience) to panic.

Below we compile a list of ten cybersecurity considerations that provide a solid bedrock  of inquiry for corporate directors who want to take their cybersecurity oversight and supervision responsibilities seriously.[3]  This “cybersecurity top ten list” provides the requisite strategical framework for boards of directors to engage in an intelligent, thoughtful and appropriate supervision of a company’s cybersecurity risks.
Continue Reading Guest Post: Ten Cybersecurity Concerns for Every Board of Directors

At times of trouble, D&O insurance can represent the last line of defense for corporate directors. For that reason, corporate board members rightfully are concerned about their insurance and want reassurance that their company’s policy will provide them the protection they will need. Unfortunately, directors don’t always know the questions to ask and only find