Director Oversight of Data Security Issues

As any legal counsel should do, legal advice regarding any security measure for a corporation’s private information is paramount. Advising the board of directors of a company to pay close attention to data security issues cannot be forgotten since the stakes are too high for a board to ignore.

The board of any company must constantly monitor and assess its company’s data security procedures and potential risks. Although there is no strategy to prevent a security breach, each member of a board must exercise its fiduciary duty to consider the risks to a company that, for example, a data breach can bring. To the credit of many companies in the last several years, the assessment of data security risks has achieved a more pronounced position.

Broad surveys of directors for many major companies regarding this issue provide a heightened sense of awareness for American companies. Moreover, this begs the question: regardless of the type of company it is, isn’t every company now a tech company given the uniform obligation of every company to have cyber security measures in place?

For instance, he risk of cyber attacks is not at an all-time high of 83% probability. A company’s annual IT budget can be near 67% of its total. How the company uses social media and other emerging technologies is at a general rate of 49%, which opens the door to other threats as well.  This is concerning given the fact that almost 40% of companies consider It strategy/background as the primary attribute for an incoming board member. Unfortunately, on 65% of board members in the United States say that cyber security measures are a minor issue for the company’s bottom line but are still considered important. 

American companies cannot hesitate about the importance of addressing data security, information governance, and “big data” issues. Eventually, one should expect to see the “director attribute” figures for IT strategy and cyber risk expertise rise among corporate directors and at the forefront of director meetings and budget considerations.  At the least, if you do or do not have a board of directors, any entity’s governing body and leadership need to take data security serious given the numerous claims and liability that a company can face for not securing information provided to it by third parties.

Aside from on-site safeguards, as a side note, company contracts must also indicate the risks assumed and shifted, whether in limitation of liability, indemnification, or warranties.  All of these matters need serious attention now and for the future as technology expands hackers find new ways to breach data protocols.