CEOs Take Control of Cybersecurity

Why Does the CEO Need to Take Control of Cybersecurity?

Your CEO and board of directors are the legal owners of your IT systems. They are legally accountable for cybersecurity. They are accountable to parties that share confidential information with you. This includes:

  • Customers
  • Shareholders
  • Investors
  • Patients
  • Joint Venture Partners
  • Limited and General partners
  • ERISA employees and others who entrust data with your firm.

Learn How Key Leaders Demonstrate Due Diligence 

If you are attacked, your CEO and board of directors may need to defend themselves personally in court. Stakeholders will seek accountability if their confidential data is compromised. The CEO is uniquely, personally accountable to stakeholders as a fiduciary. With regard to cyber security, the CEO has a personal, legal duty to put stakeholders' interests ahead of their own. In the eyes of the law, the CEO and Board are the human embodiment of the organization. To defend a claim that fiduciary duty was breached, a CEO must prove that he or she exercised due diligence over IT cyber security.

What if a CEO Fails to Exercise Due Diligence?

As the articles in this website's CEO News make clear, there is a growing trend to treat CEO liability as a personal matter. Prior to the 2010 Enron scandal, CEOs and directors could rest assured that the corporate veil could shield them from personal responsibility for damages resulting from unreasonable risk-taking and wrongdoing in the corporate name. The Sarbanes–Oxley Act of 2002 (SOX) was passed to address the issue of CEO liability for corporate malfeasance. While SOX is specifically directed toward the accuracy of financial information, it reflects a growing trend demanding CEO personal responsibility for corporate acts. Corporate executives and boards that are relying on Supreme Court cases like Citizens United as a shield against corporate malfeasance are misreading the law at their own peril.

How Does TEMVI Help CEOs and Board Members?

TEMVI helps CEOs and board members understand their legal duties around cyber security and teaches them how to manage the senior executive team according to recognized cybersecurity models. Our counsel helps CEOs protect:

  • Assets from cyber-related legal claims
  • Personal and professional reputation
  • Freedom from civil and criminal liability
  • Insurance claims and insurability around cyber incidents

What Is the Key to Limiting the CEO's Legal Liability From Cyber Attacks?

The key to limiting liability from cyberattacks is active management of the CEO's senior executive team. Active management includes prioritizing and measuring progress toward specific cybersecurity goals for all of the CEO's direct reports (i.e., technology and non-technology executives). Our services are provided directly to the CEO and board:

  • From an executive leadership perspective
  • Based on your business plan, market and industry
  • According to your business priorities
  • In plain business English

How Is TEMVI Different From My Current IT Cybersecurity Provider?

In our experience, your IT provider is likely doing an adequate job. However, most CEOs and boards would be hard-pressed to explain why or what they are doing. IT and cybersecurity are, in many ways, a "black box". In most cases, CEOs and boards are trusting their IT team. However, your IT provider is neither qualified nor legally permitted to offer legal opinions on issues like legal cyber risk and liability. Nor should your IT team evaluate their own work. Unlike flaws in IT operations, flaws in cyber security are invisible to system users. You will only know that your trust was misplaced after an attack. The worst part is that following an attack the IT team simply moves on to another job. The CEO and board of directors will be left to grapple with the consequences of the cyber attack.

TEMVI provides leaders with:

  • A legally reliable legal opinion on cyber risk based on established cyber security standards of care and applicable law
  • Direct advice to the CEO and Board
  • Advice at reasonable, fixed fees that are proportional to your organization's revenues