July 9, 2020

Volume X, Number 191

July 09, 2020

Subscribe to Latest Legal News and Analysis

July 08, 2020

Subscribe to Latest Legal News and Analysis

July 07, 2020

Subscribe to Latest Legal News and Analysis

SEC Commissioner Confirms Cybersecurity as a Board-Level Concern

In a June 10, 2014 speech delivered at the New York Stock Exchange, SEC Commissioner Luis Aguilar addressed the important role of boards in overseeing cyber risk management. In his speech, Mr. Aguilar focused on what boards can do and should be doing to ensure that their rganizations are appropriately considering and addressing cyber risks. Mr. Aguilar emphasized the duties of boards, highlighting business interruption and the potential for reputational harm as posing serious threats to a company’s bottom line. According to Mr. Aguilar, boards have assumed greater responsibility for overseeing risk management efforts, and these efforts should include cybersecurity. Mr. Aguilar stated that, although the primary responsibility for risk management has historically belonged to management, a board is responsible for ensuring that a company has established appropriate risk management programs and for overseeing how management implements these programs. 

Mr. Aguilar also addressed the risk of shareholder lawsuits if boards choose to minimize or ignore their cybersecurity oversight responsibilities. Mr. Aguilar urged boards to take a proactive approach to mitigating liability exposure. In discussing what boards can do and should be doing on cybersecurity issues, Mr. Aguilar cited a February 2014 report from the National Institute of Standards and Technology, entitled “Framework for Improving Critical Infrastructure Cybersecurity” (NITS Framework) stating that it is a place for a board to begin in assessing a company’s cybersecurity readiness. He stated that the NITS Framework is intended to provide companies with a set of industry standards and best practices for managing cybersecurity. 

The NITS Framework is available here

© 2020 Vedder PriceNational Law Review, Volume IV, Number 193


About this Author

Vedder Price P.C. attorneys provide a full range of services to a diverse financial services clientele. Attorneys practicing in the firm’s Investment Services Group are experienced in all aspects of investment company and investment adviser securities regulations, broker-dealer regulatory and compliance matters, derivatives and financial product matters, and ERISA and tax matters. Clients include mutual fund complexes, hedge and other private funds, money managers, broker-dealers, independent directors, and many other types of institutions such as banks, savings and loans,...