When the President of the United States calls something “one of the gravest national security dangers that the United States faces,” it seems worthwhile to pay attention. The President’s statement, on February 12, 2014, was not referring to the dangers of war or terrorism, but to the threat of cyber attacks on the nation’s critical infrastructure and U.S. companies. Over the past couple of years, cybersecurity has become an important corporate governance issue, as recent cyber attacks, increased federal oversight, potential legal liability and economic risks have made paying attention certainly worthwhile.
Traditionally, cybersecurity has been a burden borne by management, but the board of directors of a company should also take an active role in implementing and coordinating reform. This article provides an overview of the current status of cybersecurity as it pertains to corporate governance, including regulations, policies, risks and recommendations for board action.