Drip7 Reminds Boards That Cyber Risk Reaches Them - Boards of Directors Are…

Being a board member is a serious role that holds specific duties and responsibilities. Those include being “duty-bound to oversee its overall cybersecurity management, including appropriate risk mitigation strategies, systems, processes, and controls.”

In the past year, 45% of US companies have experienced a data breach.[1] On average, there is a cyber attack every 39 seconds.[2] No company is totally secure. And now, every board member can be held responsible for breaches. Never before has it been so important for board members to be aware of their organization’s cybersecurity.

Being a board member is a serious role that holds specific duties and responsibilities. Those include being “duty-bound to oversee its overall cybersecurity management, including appropriate risk mitigation strategies, systems, processes, and controls.”[3] Drip7’s Founder and CEO Heather Stratford works with leaders across industries, preparing them both to secure their organization and to protect board members from legal repercussions.

Leaders of organizations that are attacked can be subject to lawsuits and may stand trial when they don’t meet their fiduciary and oversight responsibilities. The 1996 landmark decision in Caremark established a legal framework for holding directors personally liable.

Yahoo’s was the first large breach in which the board of directors was held liable based on the Caremark decision. After Yahoo had two large data breaches, exposing over one billion user accounts, the California Supreme Court approved a 29 million dollar settlement in consolidated derivative litigation brought against the directors and officers of Yahoo, Inc.

Currently, there are several high-profile cases underway that argue for holding boards of directors liable under these same legal precedents. SolarWinds had a recent breach, and the resulting lawsuit names both current and past members of its board of directors as defendants.[4]

INCREASED CYBERSECURITY REGULATIONS ON THE HORIZON

Increasing regulations on both federal and state levels dealing with cybersecurity will force the evolution of the role of board members. In 2022, the SEC proposed new rules for cybersecurity as did the New York Department of Financial Services (NYDFS). More agencies and states will follow suit.

The Caremark case set a legal precedent that is being used increasingly in litigation. Present and past board members should be aware that they can be held personally liable in the event of a cyber breach. Understanding more about cybersecurity and spending more time with the CIO and IT team are a step toward ensuring more care and focus is placed on critical safeguards within an organization.

WHAT EVERY BOARD MUST DO

Heather Stratford, Founder and CEO of Drip7, speaks to boards regularly to help them improve their cyber posture and understanding. Here are 7 actions she recommends for every board of directors:

  • Have an annual cybersecurity training at the board level.
  • Have a regular IT update specifically on cybersecurity activity and monitoring, including a review of the last vulnerability assessment.
  • Understand the key areas of the business that are critical to operation and what personal data the company holds and where.
  • Determine when employee training is required. It should be consistent, reinforced, and at least monthly.
  • Review the privacy and compliance standards for the organization’s specific industry and where the organization ranks.
  • The main levels of the NIST framework and how the organization is matching up to the framework.
  • Review reports of areas noted in any penetration testing activities.

Members of a board of directors need to protect themselves. They can be held personally liable for cyber breaches. Federal and state regulations are tightening to address the growing frequency and impact of cyberattacks. Boards of directors must learn to oversee cybersecurity and compliance practices appropriate to their industry. If you have not implemented all of these steps, reach out to Drip7 and Heather Stratford to learn more about protecting yourself and your organization.

ABOUT DRIP7

Drip7 is a leading innovator in the field of cybersecurity awareness training and beyond, using microlearning and gamification with an easy-to-use, mobile-based platform to increase employee engagement and create behavior change. Drip7 combines the right science and content to build a superior training platform, allowing employees to train with one question or "drip" a day on their phone or computer, whenever and wherever they want. Drip7 engages users with an interactive dashboard, rewards, badges, and more. The included training focuses on cybersecurity and compliance; however, the platform can be customized by a company for any training need. For more information, please visit https://drip7.com/.

[1] https://www.comparitech.com/blog/vpn-privacy/data-breach-statistics-facts/

[2] https://securityaffairs.co/wordpress/138507/security/board-directors-liability-for-cyberattack.html

[3] deloitte.com/in/en/pages/risk/articles/the-changing-role-of-the-board-on-cybersecurity-noexp.html

[4] https://advisorsmith.com/business-insurance/cyber-liability-insurance/risks-for-directors-and-officers/#why-care
