In a recent speech, SEC Commissioner Kara Stein commented on the importance of cybersecurity. The Commissioner noted that encouraging adoption of written policies and procedures, voluntary frameworks and non-binding guidance was not sufficient. She noted that boards of directors have a fiduciary duty to shareholders to monitor and oversee risk, including cybersecurity oversight. She seems to suggest that just as Commission rules require disclosure regarding financial experts, it would be reasonable for there to be some disclosure as to whether boards have an independent director with expert knowledge of technology and cybersecurity. Otherwise, boards should retain experts to provide advice. The Commissioner suggests independent directors meet with the company's chief information security officer at least twice a year in executive session. She notes that boards should assess company disclosures regarding cyber risks. Finally, she suggests that the board ought to consider how well prepared the company is to respond to a breach, the resiliency of its infrastructure, and the procedures that will be implemented to recover and resume operations.

Visit us at mayerbrown.com

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2018. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.