Boardroom Flash Vol. 7/2019: NACD Advisory Council Discusses the Board’s Role in Crisis Preparation & Overseeing Cyber Risks in a Complex Regulatory Landscape
CG News Update Vol. 7
NACD Advisory Council Discusses the Board’s Role in Crisis Preparation
July 9, 2019 By Leah Rozin
In today’s world of real-time communications, companies are now expected to respond immediately to emerging crises, and boards are feeling more pressure to ensure that their companies can navigate effectively through challenging crisis moments. Peter Gleason, NACD president and CEO, explains, “Boards have always provided oversight of crisis response plans, but the key difference today . . . is [that] with the advent of social media, the window for response time has all but disappeared. It’s critical for directors to engage with management on a regular basis to discuss the outline of the crisis response plan.”
The 2019 NACD Public and Private Company Governance Surveys find that less than a third of companies have delineated roles for the board and management in their crisis preparation plans, while fewer than 20 percent indicated that they’ve assessed the effectiveness of early-warning capabilities—a critical aspect of crisis preparedness.
While each crisis is unique, there are leading practices boards can adopt to improve their governance of crisis readiness. To help directors prepare for this issue, NACD, Heidrick & Struggles, and Sidley Austin LLP cohosted a meeting of the NACD Nominating and Governance Committee Chair Advisory Council—comprising Fortune 500 company nominating and governance committee chairs and lead directors—on April 24, 2019, in Washington, DC. The meeting was held using a modified version of the Chatham House Rule, under which participants’ quotes (italicized) are not attributed to those individuals or their organizations, with the exception of cohosts.
Participants identified three important benefits of effective board-management dialogue on crisis planning and preparation:
Overseeing Cyber Risks in a Complex Regulatory Landscape
July 18, 2019 By David Ross
Organizations face increasing cybersecurity risks and threats to their customers, financial information, operations and other data, processes, and systems—and state and federal governments are alert to the threats posed to their constituents. To understand just how widespread concerns about these risks are, look no further than the abundance of cybersecurity legislation that is currently on the dockets of state legislatures across the country.
For example, California, New Jersey, Washington, and Illinois are among the latest states to enact breach notification legislation that will significantly impact businesses operating in those jurisdictions by defining whether, when, how, and to whom notifications of a breach must occur. Some of these laws are going into effect just months after being signed and the cost of noncompliance can be severe (in California, fines are assessed per record breached).
As stewards of the strategy, finances, reputation, and overall direction of an organization, corporate directors have an important role to play in ensuring adequate policies and protections are in place to answer the demands of such regulations—and that their whole board is ready to meet the oversight demands of new regulations.
Directors are in a position to provide the leadership and strategic direction necessary to help their organizations balance the need to safeguard information, minimize disruption in case of an attack or breach, provide transparency, and manage a sustainable cybersecurity program with competing strategic priorities.
There are four key steps boards should take to ensure adequate cybersecurity program development and oversight in response to emerging regulations and threats: