Grant / January 2020

Cybersecurity and Corporate Governance

Cybersecurity is a major risk area for the private sector. Corporate directors are concerned with how they can protect themselves and their companies against cyber attacks and the potential liability associated with such attacks. This project will explore cybersecurity as a corporate governance issue; it will identify challenges corporate boards are likely to face over the next decade and the tools and resources available to assist them. Our research will address several key questions: (1) what are the potential legal liabilities of directors and managers in connection with cyber attacks?; (2) what best practices can corporate boards employ to protect themselves and their companies? ; and (3) are there gaps in cyber protection that corporate leaders may be overlooking? To answer these questions, we will work with industry leaders to conduct a survey of current corporate cybersecurity practices and determine how they may or may not satisfy the fiduciary duties of corporate directors. This survey also will explore gaps in cyber protection and actions that corporate leaders may be failing to take to protect their companies and avoid liability.