Cydney Posner, PubCo @ Cooley, July 22, 2015

As reported in the WSJ, the National Association of Corporate Directors advises that boards ask their companies’ chief information security officers some pointed questions about cybersecurity risks. Often, boards just ask whether the company is vulnerable to cyberattacks like those recently experienced at the U.S. Office of Personnel Management and at a number of private companies. But that’s not likely to be effective, the NACD argues. Why not? Because no security system is perfect and all companies are vulnerable to some extent. Instead, the NACD recommends, boards should focus on decreasing the risk of attack as well as understanding the process that is in place to manage a cyberattack should one occur. […read more]