Saturday, October 26, 2013

Cyber Issues for Board and Chief Legal Officers

As my friends will tell you I am a voracious reader -- especially when it comes to cyber and physical security, supply chain security, critical infrastructure protection and industrial controls systems (ICS) security.  This past week I was catching up on my "to be read" pile and found a fantastic article I'd like to post.

Please take a moment to check out this web page -- Government Technology and Services Coalition -- otherwise known as GTSCFrom their website: "The Government Technology & Services Coalition (GTSC) is a nonprofit 501 (c)(6), non-partisan association of innovative, agile small and midsized company CEOs that create, develop, and implement solutions for the Federal homeland and national security sector."

On the GTSC Blog there was a really well done article by Divonne Smoyer, Brian E. Finch, and Emanuel Faust, Partners, Dickstein Shapiro LLP.  The blog is entitled "Ten Cyber Issues Board and Chief Legal Officers Need to Know (and Worry) About."

Of course when I saw the word "cyber" and the focus on Boards of Directors and Chief Counsels I immediately wanted to read it...and it was worth the time.

Ok, what are the 10 issues they want Board members to recognize?  Here they are in brief:

  1. The stakes to share value and the bottom line are high.
  2. The hackers are two steps ahead of you already.
  3. Cyber and data loss threats pose merger risks.
  4.  Lost or stolen intellectual property or customer or employee information can turn a deal from sweet to sour.
  5.  There is a maze of state and Federal data protection and data loss notification requirements to navigate.
  6. The failure to be fully informed of and proactive against cybersecurity and data loss risks could lead to litigation.
  7. If the breach doesn't get you, the litigation will.
  8. There are Federal programs available to help mitigate corporate liability through the SAFETY* act.
  9. Insurance coverage is available through traditional or tailored policies.
  10.  Outside counsel comes with the benefit of attorney-client privilege.

Many thanks to Mr. Finch, et al, for their insights.  It was quite interesting and validated my own opinion -- and I believe my friend Andy Bochman's opinion -- that the Directors and Chief Counsels need to be attuned to cyber security issues since these issues can -- and will -- affect their business.


* SAFETY ACT Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 (known as the SAFETY Act). This law provides tort liability protections for products and services that can be used to detect, defend against, or respond to cyber attacks. It is essential that boards and their legal advisors be aware of these programs and assess their applicability to cybersecurity products and services they either procure or deploy on their own.