On February 12, the White House released the widely anticipated Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”). Developed pursuant to Executive Order 13636 (issued in February 2013), the Framework strongly encourages companies across the financial, communications, chemical, transportation, healthcare, energy, water, defense, food, agriculture, and other critical infrastructure sectors to implement and comply with its voluntary standards. The provisions set forth in the Framework may establish a new baseline for industry standard practices, and may impact or guide FTC enforcement actions and plaintiff data breach lawsuits.
As boards of directors examine the risks that their companies face, corporate cybersecurity issues loom large. Forty-eight percent of directors (and 55 percent of general counsel) cited data security as their top concern in a recent study by Corporate Board Member/FTI Consulting. These numbers have roughly doubled since 2008, when only a quarter of directors and general counsel cited data security as a major concern. With revenues, intellectual property, business relationships and customer confidence potentially at stake, directors should consider whether their companies and management teams are adequately addressing the growing threat of cybersecurity in the new high-tech landscape.
Cybersecurity risk is a difficult and intimidating topic for corporate boards to consider. However, it is important to keep in mind that cybersecurity risk is only one of many areas of risk that are overseen by boards of directors and that, in most cases, the usual strategies and procedures for evaluating and managing risk can apply. Directors are not expected to be experts in this area and are entitled to rely upon management and outside experts for information and advice. Nonetheless, directors should request that management reports to the board on the steps the company is taking to mitigate cyber threats, and directors should consider whether the company is appropriately assessing its risks and devoting adequate resources to the issue. The business judgment rule remains the standard for evaluating decisions taken by a board in this area.
I understand today’s participants include a number of trustees and asset managers for some of the country’s largest public and private pension funds. Without a doubt, pension funds play an important role in our capital markets and the global economy. This is due, in part, to the fast growth in pension fund assets, both in the public and private sectors.
For example, since 1993, total public pension fund assets have grown from about $1.3 trillion to over $4.3 trillion in 2011. Over that same period, total private pension fund assets more than doubled from roughly $2.3 trillion to over $6.3 trillion by 2011. As of December 2013, total pension assets have reached more than $18 trillion. This growth was fueled by many factors, including the rise in government support of retirement benefits, and the increased use by companies of pension plans as a way to supplement wages.
I am pleased to be here and to have the opportunity to speak about cyber-risks and the boardroom, a topic that is both timely and extremely important. Over just a relatively short period of time, cybersecurity has become a top concern of American companies, financial institutions, law enforcement, and many regulators. I suspect that not too long ago, we would have been hard-pressed to find many individuals who had even heard of cybersecurity, let alone known what it meant. Yet, in the past few years, there can be no doubt that the focus on this issue has dramatically increased.
The number, severity, and sophistication of cyber attacks—whether on our retail economy, our healthcare sector, our educational sector or, in fact, our government and defense systems—grows worse by the day. 
Among the most notable cyber breaches in the public company sphere was that hitting Target Corporation (40 million estimated credit and debit cards allegedly stolen, 70 million or more pieces of personal data also stolen, and a total estimated cost of the attack to date of approximately $300 million).  Justified or not, ISS has just issued a voting recommendation against the election of all members of Target’s audit and corporate responsibility committees—seven of its ten directors—at the upcoming annual meeting. ISS’s reasoning is that, in light of the importance to Target of customer credit cards and online retailing, “these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information.” 
We analyzed the terms of 156 venture financings closed in the first quarter of 2014 by companies headquartered in Silicon Valley.
Overview of Fenwick & West Results
Valuation results in 1Q14 were very strong.
- Up rounds exceeded down rounds 76% to 8% with 16% flat. The 68 point difference between up and down rounds was the largest since 2Q07, when the spread was 70 points
- The Fenwick & West Venture Capital Barometer™ showed an average price increase of 85%, a significant increase from 57% in 4Q13.
- The median price increase of financings in 1Q14 was 52%, a significant increase from 27% in 4Q13 and the highest amount since we began calculating medians in 2004.
- Software and internet/digital media continued to be the strongest industry sectors, with life science, cleantech and hardware lagging but showing respectable results. The percentage of all financings that are for software companies has trended up in recent years, hitting 45% in this quarter.
- The use of senior liquidation preference fell for the third quarter in a row, an indication of companies having leverage in negotiations with investors.
It is still early days, but here is what we are seeing as the 2014 proxy season unfolds:
Institutional investors promote governance reforms and engagement efforts. Prior to the season Vanguard sent letters to S&P 500 companies seeking adoption of annual director elections, majority voting and the right of holders of 25% of the common stock to call special meetings. It was an unusually public move for a large institutional investor that, like others of its kind, tends to engage in quiet diplomacy. Also unusual was the call for universal adoption of this set of governance practices, in contrast to the case-by-case approach traditionally taken by institutional investors. It may signal that, at least on the governance side of these institutions, these practices are now viewed more as accepted norms than as just best practices. But there remains a disconnect between the governance and investment sides, as we continue to see institutional investors participate in IPOs for companies with none of these provisions.
Corporate risk taking and the monitoring of risks have remained front and center in the minds of boards of directors, legislators and the media, fueled by the powerful mix of continuing worldwide financial instability; ever-increasing regulation; anger and resentment at the alleged power of business and financial executives and boards, including particularly as to compensation during a time of economic uncertainty, retrenchment, contraction, and changing dynamics between U.S., European and emerging market economies; and consistent media attention to corporations and economies in crisis. The reputational damage to boards of companies that fail to properly manage risk is a major threat, and Institutional Shareholder Services now includes specific reference to risk oversight as part of its criteria for choosing when to recommend withhold votes in uncontested director elections. This focus on the board’s role in risk management has also led to increased public and governmental scrutiny of compensation arrangements and their relationship to excessive risk taking and has brought added emphasis to the relationship between executive compensation and effective risk management. For the past few years, we have provided an annual overview of risk management and the board of directors. This overview highlights a number of issues that have remained critical over the years and provides an update to reflect emerging and recent developments.
As a practicing securities lawyer for more than thirty years, I have in the past advised boards of directors, including mutual fund boards, and I am well acquainted with the important work that you do. I also understand the essential role that independent directors play in ensuring good corporate governance. As fiduciaries, you play a critical role in setting the appropriate tone at the top and overseeing the funds’ business. Thus, I commend the Mutual Fund Directors Forum’s efforts in providing a platform for independent mutual fund directors to share ideas and best practices. Improving fund governance is vital to investor protection and maintaining the integrity of our financial markets.
Good morning. I am very honored to be giving the welcoming remarks and to offer a few perspectives from my first 10 months as Chair. Looking back at remarks made by former Chairs at this event, the expectation seems to be for me to talk about the “State of the SEC.” I will happily oblige on behalf of this great and critical agency.
In 1972, 42 years ago at the very first SEC Speaks, there were approximately 1,500 SEC employees charged with regulating the activities of 5,000 broker-dealers, 3,500 investment advisers, and 1,500 investment companies.
Today the markets have grown and changed dramatically, and the SEC has significantly expanded responsibilities. There are now about 4,200 employees—not nearly enough to stretch across a landscape that requires us to regulate more than 25,000 market participants, including broker-dealers, investment advisers, mutual funds and exchange-traded funds, municipal advisors, clearing agents, transfer agents, and 18 exchanges. We also oversee the important functions of self-regulatory organizations and boards such as FASB, FINRA, MSRB, PCAOB, and SIPC. Only SIPC and FINRA’s predecessor, the NASD, even existed back in 1972.