The assessment of a corporation’s cyber risks is part of a board of directors’ general risk oversight responsibilities. Since lawsuits, including class actions, are often commenced soon after a data breach, directors and officers should now consider that the board’s oversight of cyber risks may also be closely and thoroughly scrutinized in future litigation and regulatory investigations.
On October 20, 2014, a New Jersey Court dismissed a shareholder derivative suit that sought damages notably from the directors and officers of Wyndham Worldwide Corp. (“WWC”) for several data breaches[1]. This decision is the first decision issued in the US in a shareholder derivative claim arising out of data breaches. The decision is important and instructive for board members since it provides examples of approaches to cyber risk oversight which directors and officers may implement to help shield them from liability in the context of data breaches.
chief information officer
COBIT 5: a look at the update
Let’s spend a few minutes on the revised ISACA business framework for the governance and management of enterprise information technology known as COBIT 5.
The mobile workforce – it’s not coming; it’s here
Mobility is not just about technology anymore. However, chances are high that IT, specifically the CIO, will be responsible for any mobile initiatives within the company. So, CIOs need to take a broad view of mobility and understand the effect this technology will have on departments such as HR, sales, marketing, legal, security and facilities, as well as IT.
