With breaches of nearly 150 million Americans’ personal information flooding the news over the last few weeks, followed by the filing of more than 50 class action lawsuits to date and the announcement of an FTC investigation, cybersecurity is squarely on the minds of, and on the table in, boardrooms across the country. On September 14, 2017, Reed Smith was pleased to host Dawn-Marie Hutchinson, Executive Director with Optiv’s Office of the Chief Information Security Officer, to talk about the latest trends in information security and to support boards in this important emerging area. Coming out of the webinar, one of the most important questions was not so much “What should boards do?” but “What are boards actually doing?” and how boards and executives can benchmark.
Importantly, this is an issue that has been closely monitored and extensively analyzed by the National Association of Corporate Directors (“NACD”). Not only has the group surveyed directors, but it has also written a handbook with extensive guidance for officers and directors. The guidance comes at a critical time, as the market has been flooded with white papers and other guidance for information security pros and CIOs on how to talk to boards about cybersecurity risk. At the same time, boards are asking among themselves and their advisers what they should do or be doing. The NACD identified five things it believes boards should be doing. These activities include: