Cybersecurity Oversight Liability

Abstract

A changing cybersecurity environment now poses a significant corporate-governance challenge. Although some cybersecurity data breaches may be inevitable, courts now increasingly consider when a corporation\u27s officers and directors may be held liable on theories that they acted in bad faith and failed to adequately oversee the corporation\u27s affairs. This short essay reviews recent derivative decisions and encourages corporate boards to recognize that in an environment filled with increasing threats, a reasonable response will require devoting real resources and attention to cybersecurity issues