Cybersecurity and the risks of data breaches figured prominently at the 35th Annual Ray Garrett Corporate and Securities Law Institute held April 30, 2015, at Northwestern Law School in Chicago. Participating in a panel addressing Cybersecurity and Data Breach: The New Reality for Directors and Those Who Advise Them, Reed Smith partner Mark Melodia and several other panelists engaged in a wide-ranging discussion of effective board oversight of cybersecurity challenges facing their companies. Notably, this was the first time that cybersecurity issues were the sole focus of a Garrett Institute panel.
During his remarks, Mark stressed that boards must be engaged in oversight of a company’s cybersecurity enterprise risk management, as well as crisis management. In a widely publicized June 2014 speech given by Securities and Exchange Commissioner (SEC) Luis Aguilar, the commissioner threw down the gauntlet to directors of public companies, telling them that they needed to become active participants in overseeing their companies’ cybersecurity planning and preparation. As he put it, “directors should take seriously their obligation to make sure that companies are appropriately addressing [cyber risks].”