The first article in this three-part series discussed how legal principles governing directors’ fiduciary duties may be applied to cybersecurity and the risks posed by cyber attacks. To summarize, Delaware’s corporate law places an affirmative obligation on fiduciaries to keep informed of serious risks facing the enterprise. The failure to exercise appropriate oversight in the face of known risks constitutes a breach of the duty of loyalty, a breach that cannot be exculpated under 8 Del. C. §102(b)(7).
In Part II of this series, we explore the “red flags” placing directors on notice of their obligation to proactively manage cyber security risks, and that expose a complacent board to costly litigation and the specter of personal liability. When evaluating whether a particular issue warrants board consideration, directors and officers should look at the nature of the risk, its potential impact on the company, and the extent to which the risk is foreseeable.
It is no surprise
This article is only available in full to Compliance Complete
North America Subscribers who are logged in.
Please log in to see if you can view this content.