Andrea Vittorio, Jake Holland, 15 April 2021
Corporate boards, in the wake of cyberattacks on software providers SolarWinds Corp. and Microsoft Corp., are seeking out expertise from consultants, lawyers and associations that offer cybersecurity training—an oversight boost that could cushion them legally in the event they’re sued or penalized by regulators after a breach.
The recent hits have forced boards of directors to rethink cybersecurity challenges and their potential ripple effects as companies face mounting legal and reputational risks from costly hacks. The attacks also show how cyber incidents in a connected system can quickly spread to contaminate thousands of companies at once.
“That’s a risk that hackers are exploiting because most companies aren’t paying attention to it,” said Bob Zukis, founder and CEO of the Digital Directors Network, a group that’s building a pool of technology executives that can sit on corporate boards. “It’s new. They don’t know how to approach it.”
But boards that demonstrate they’re acting thoughtfully and proactively to boost cybersecurity could better thwart legal claims, attorneys say.
Scrutiny of board oversight comes as policymakers are also paying more attention to cyber-risk. They are calling for more coordination between the public and private sectors and have floated a new requirement to report breaches to the federal government.