Steps Directors and CIOs Can Take to Minimize Cyberattack Losses

Here are a few key points to consider:

You are the target

After a cyberattack, the plaintiff’s bar will doggedly allege that directors and officers helped contribute to the success of a cyberattack by being asleep at the switch. Directors and officers can therefore fully expect to be personally hit with shareholder derivative suits alleging a claim for breach of fiduciary duty and securities fraud class actions where the company’s stock price has plunged in the wake of a cyberattack, among other third party suits.

Right or wrong, directors and officers need to prepare immediately for such litigation. Failing to do so will only intensify the immense financial pain associated with the expensive and protracted litigation. Just as much effort therefore needs to be spent by directors and officers on documenting and justifying their cybersecurity measures as in choosing what steps to undertake. A key part of that will be utilizing lawyers as part of the cybersecurity planning process.

Just as much effort therefore needs to be spent by directors and officers on documenting and justifying their cybersecurity measures as in choosing what steps to undertake. A key part of that will be utilizing lawyers as part of the cybersecurity planning process.

Directors and officers should consider having outside counsel assist in the planning, review, and implementation of security policies. After all, the plaintiff’s lawyers are going to be all over the security decision-making process, so there is no reason why directors and officers shouldn’t have their lawyers help them build a record that shows reasonable behavior and due care.

Download: Steps Directors and CIOs Can Take to Minimize Cyberattack Losses