Description
It is difficult to identify when an existing order will change, and when the combined effects of multiple, seemingly independent forces will collude to bring about something new. We are reminded of this when a disruptive technology enters a new field. Existing practices give way to new realities and a return to the comfortable “old” way seems unimaginable. While corporate law practitioners have become comfortable with the substantial discretion provided directors under Delaware’s interpretations of director duties and the business-judgment rule, a transformation of expectations concerning director oversight of cybersecurity and associated director liability is currently underway. To date, board oversight of cybersecurity has been less than effective. The National Association of Corporate Directors’ (“NACD”) 2012 conference featured a presentation that described an “IT confidence gap” and noted most directors between age 60 and 65 spend a majority of their professional lives in the pre-digital era. The NACD presentation also disclosed that less than 1% of Fortune 500 directors have been or are currently chief information officers (CIO’s) and that IT is highly technical and difficult for most directors to understand.2 Moving forward, corporate directors are well advised to anticipate that emerging technology forces and corporate law precedent will pressure courts and regulators to require directors to oversee cybersecurity with vigilance similar to that expected of legal compliance professionals. In this new era, increased cybersecurity-oversight duties and director liability are certain to lead to dramatic and important changes in corporate law. Their time will come—the question is when and by what means.
Reviews
There are no reviews yet.