Guidance for Corporate Directors

Cyber risk management is an increasingly important challenge for corporate directors. A corporate director’s responsibility for cyber risk management derives from the director’s duty of care, which requires a corporate director to exercise the care, skill and diligence of a reasonably prudent person in comparable circumstances. The duty of care requires a corporate director to proactively supervise corporate management and make informed, properly advised decisions.

Regulators, industry associations and other organizations have emphasized that corporate directors must be engaged and take an active role in their corporation’s cyber risk management activities, and must ensure that their corporation has appropriate policies and practices in place to manage cyber risks and to effectively respond to cyber incidents.

Corporate directors should take seriously their legal responsibility to proactively supervise corporate management and to make informed, properly advised decisions regarding cyber risk management. Corporate directors can obtain helpful guidance from regulators, industry associations and other organizations.
