10 Crucial Steps to Reduce Cyberthreats in the Boardroom

10 Crucial Steps You Should Take Now to Reduce Cyberthreats in the Boardroom

The rise in the number of data breaches against businesses has also resulted in a growing number of lawsuits filed against directors and officers.


Headlines about data breaches impacting businesses including national retail chains, restaurants and banks are more common than ever.

In a recent survey by global specialty insurer Argo Group, 63 percent of small and medium-sized enterprises reported suffering at least one cyber incident – such as a data breach, spear-phishing attack, or lost or stolen laptop – during the past 12 months.

Cyberthreats are also having a big impact in the boardroom. Shareholders are suing directors and officers, alleging breach of fiduciary duty or other wrongdoing following a cyberattack. Here’s what directors and officers need to do.

Steps directors and officers should take now to mitigate cyber risks 

  1. For starters, make sure you have a comprehensive cyber insurance policy. Surprisingly, according to Argo’s survey, nearly six in 10 small and medium-sized enterprises still don’t have one.
  2. If you have cyber insurance, be sure to review your coverage regarding security incidents and protection of the company’s brand, information assets, and other assets. That also includes reviewing your D&O insurance policy.
  3. Hire a chief information security officer who can engage outside technical experts to conduct regular assessments and educate officers and board members on data security.
  4. Appoint a board committee to focus on data protection.
  5. Have the board regularly address and deliberate on issues of data security, making sure to document their deliberations.
  6. Adopt a security plan that is tailored to the company’s risk profile, which you should review and assess as needed in response to specific threats.
  7. Hold information and training sessions to increase awareness at all corporate levels.
  8. Conduct peer analysis with organizations that hold similar types of information.
  9. Have a customer notification plan and procedures in place.
  10. Learn and adapt if your company’s data security is breached so you’ll be better prepared next time.

About the Author

Based in New York City, Rich Edsall is senior vice president, commercial management liability at Argo Pro. He is tasked with growing Argo’s Public and Private Company books of business. Rich was previously senior vice president of Chubb Insurance, focusing on directors and officers liability products. Rich is also a member of the Professional Liability Underwriting Society (PLUS).

About Argo Pro

Argo Pro, a member of Argo Group, is a leading provider of professional lines insurance products and services that can accommodate medium and large organizations on an admitted and nonadmitted basis. Through a single operating platform and a robust network of appointed wholesale and retail distribution partners, Argo Pro offers a broad, customizable portfolio of errors and omissions and management liability insurance solutions. Argo Pro maintains offices in Chicago, New York City, San Francisco, Scottsdale and Hamilton Township (New Jersey).