U.S. regulators this year are emphasizing the importance of corporate boards taking responsibility for cybersecurity, saying directors and officers who fail to do so could be held individually liable for any lapses that occur, attorneys said Tuesday during a webinar on the subject. This means boards must put in place the proper teams and prepare plans to prevent any breaches and to respond to any that may occur. Particularly in the last three to four months, there has been intense focus by regulators on this subject, largely directed to directors and officers, said John Failla, a partner in Proskauer Rose’s insurance group.
Regulators are “trying to articulate responsibilities to board to prevent, address, mitigate and transfer risks for this issue,” said Mr. Failla. In the webinar, he cited a speech from Securities and Exchange Commission Commissioner Luis Aguilar in June 2014 in which he “made it abundantly clear” the SEC views boards as being a critical part of risk management in this area. “Boards need to work with management to assess cyber controls, to make sure they match up with or exceed federal frameworks” and to make sure directors are educated about risk and technology and take the time to address these issues. The Financial Industry Regulatory Authority and the Federal Trade Commission also are focused on this topic, he said.