Regulating Cybersecurity in Corporate America. Specific Reference to Corporate Espionage.

Abstract

In the wake of cyberattacks against corporations, directors are expected to have become well aware of the fact that cybersecurity is a critical part of the corporate framework. Cybersecurity may be defined as the processes and technologies construed to protect computers, computer hardware, networks and data from unauthorized access by cyber criminals and hackers. With recent attacks such as the Target Corporation in December 2013, Adobe Systems, Inc. in 2013, and Snapchat in January 2014, boards of directors ought to cite cybersecurity as their most imperative risk related concern. Generally speaking, those who manage a corporation must answer to the shareholders, the true owners of the corporation. When a data breach occurs, the board of directors is faced with regulatory and litigation risks on the basis that the directors have violated their fiduciary duties, such as the duty of oversight, by failing to place adequate safeguards in place to protect valuable information belonging to the corporation, whether financial information or customer information. Thus, directors are named as individual defendants. With the continuous and rapid growth of sophisticated cyberattacks on American corporations, quick attempts by corporations should be taken to secure sensitive and confidential data relating to the corporation itself and its customers. By having a well-informed, involved, and focused board of directors, corporate governance can be performed properly, and as a result the corporation and its shareholders’ assets will be protected. The Board’s duty of oversight over cyber risk management is vital in ensuring that corporations are adopting adequate steps to prepare and prevent the various harms that could result from a cyberattack. Ultimately, given the rapid evolvement of cyberattacks and the conduct of corporate espionage, directors should understand that there is no other substitute but to be well prepared and engaged with cybersecurity risk management, as well as their supervision of the corporation’s measures in addressing and mitigating these risks.