In the following guest post, Paul Ferrillo of the Weil Gotshal law firm and Christophe Veltsos, CISSP, CISA, and CIPP, and an Associate Professor at Minnesota State University, Mankato, take a look at a recent NASDAQ survey of corporate officials in multiple countries on the topic of cybersecurity accountability. As Paul and Christophe detail, there is reason to be concerned about the apparent lack of cybersecurity literacy, awareness and risk assessments among corporate officials surveyed. The authors also take a look at the steps companies can take to address these concerns.
I would like to thank Paul and Christophe for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul and Christophe’s guest post.
Continue Reading Guest Post: Grading Global Boards of Directors on Cybersecurity



It is not news that cybersecurity is a serious corporate and domestic security concern. But despite continuing revelations of high-profile data breaches, cybersecurity is an area (OK, one of the many areas) where Congress has been slow to act. While there is as yet no comprehensive Congressional attempt to tackle cybersecurity as an issue and as a phenomenon, two U.S. senators have now introduced a bipartisan bill that would require publicly traded companies to disclose the cybersecurity expertise or experience that is represented on their boards of directors or to disclose what other steps the company has taken to identify or evaluate nominees for this board-level cybersecurity position.
We are long past the point where cybersecurity can be treated like an emerging, obscure or peripheral issue. The fact is that cybersecurity is now an important concern for every organization and enterprise. For that reason, cybersecurity is also now an important concern for everyone responsible for protecting and guiding those organizations and enterprises, including in particular corporate directors and officers. In the current environment, there is no shortage of advice available for these corporate officials as they seek to understand and fulfill their responsibilities to their organizations. Indeed, the sheer volume of information available can be confusing or even overwhelming. Fortunately, there is now a single-volume guide available to help corporate directors address their organization’s cybersecurity exposures and needs. The new book by
On September 22, 2015, in what
On August 24, 2015, in a ruling that was much-anticipated because of its potential implications for the regulatory liability exposures of companies that have been hit with data breaches, the Third Circuit affirmed the authority of the Federal Trade Commission to pursue an enforcement action against Wyndham Worldwide Corp. and related entities alleging that the company and its affiliates had failed to make reasonable efforts to protect consumers’ private information. This ruling confirms that, in addition to the disruption and reputational harm that may follow in the wake of a successful cybersecurity attack, companies may also face a regulatory action from the FTC, as discussed further below. The Third Circuit’s opinion can be found