Why Does the CEO Need to Take Control of Cybersecurity?
Your CEO and board of directors are the legal owners of your IT systems. They are legally accountable for cybersecurity. They are accountable to parties that share confidential information with you. This includes:
Learn How Key Leaders Demonstrate Due Diligence
If you are attacked, your CEO and board of directors may need to defend themselves personally in court. Stakeholders will seek accountability if their confidential data is compromised. The CEO is uniquely, personally accountable to stakeholders as a fiduciary. With regard to cyber security, the CEO has a personal, legal duty to put stakeholders' interests ahead of their own. In the eyes of the law, the CEO and Board are the human embodiment of the organization. To defend a claim that fiduciary duty was breached, a CEO must prove that he or she exercised due diligence over IT cyber security.
What if a CEO Fails to Exercise Due Diligence?
As the articles in this website's CEO News make clear, there is a growing trend to treat CEO liability as a personal matter. Prior to the 2010 Enron scandal, CEOs and directors could rest assured that the corporate veil would shield them from personal responsibility for damages resulting from unreasonable risk-taking and wrongdoing in the corporate name. The Sarbanes–Oxley Act of 2002 (SOX) was passed to address the issue of CEO liability for corporate malfeasance. While SOX is specifically directed toward the accuracy of financial information, it reflects a growing trend demanding CEO personal responsibility for corporate acts. Corporate executives and boards that are relying on Supreme Court cases like Citizens United as a shield against corporate malfeasance are misreading the law at their own peril.
How Does TEMVI Help CEOs and Board Members?
TEMVI helps CEOs and board members understand their legal duties around cyber security and teaches them how to manage the senior executive team according to recognized cybersecurity models. Our counsel helps CEOs protect:
What Is the Key to Limiting the CEO's Legal Liability From Cyber Attacks?
The key to limiting liability from cyberattacks is active management of the CEO's senior executive team. Active management includes prioritizing and measuring progress toward specific cybersecurity goals for all of the CEO's direct reports (i.e. technology and non-technology executives). Our services are provided directly to the CEO and board:
How Is TEMVI Different From My Current IT Cybersecurity Provider?
In our experience, your IT provider is likely doing an adequate job. However, most CEOs and boards would be hard pressed to explain what their provider is doing or why. IT and cybersecurity are, in many ways, a "black box". In most cases, CEOs and boards are trusting their IT team. However, your IT provider is neither qualified nor legally permitted to offer legal opinions on issues like legal cyber risk and liability. Nor should your IT team evaluate their own work. Unlike flaws in IT operations, flaws in cybersecurity are invisible to system users. You will only know that your trust was misplaced after an attack. The worst part is that, following an attack, the IT team simply moves on to another job. The CEO and board of directors will be left to grapple with the consequences of the cyber attack.
TEMVI provides leaders with: