Understanding and Implementing the NIST Cybersecurity Framework

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday August 25, 2014 at 9:03 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Tom Conkle.

Why the Cybersecurity Framework was created and why it is so important

Despite the fact that companies are continuing to increase spending on cybersecurity initiatives, data breaches continue to occur. According to The Wall Street Journal, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier according to Allied Business Intelligence Inc.” [1] Despite the boost in security spending, vulnerabilities, threats against these vulnerabilities, data breaches and destruction persist. To combat these issues, the President on February 12, 2013 issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity.” [2] The EO directed NIST, in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks.

…continue reading: Understanding and Implementing the NIST Cybersecurity Framework

White House Releases NIST Cybersecurity Framework

Posted by Holly J. Gregory, Sidley Austin LLP, on Sunday February 23, 2014 at 9:00 am
Editor’s Note: Holly J. Gregory is a partner and co-global coordinator of the Corporate Governance and Executive Compensation group at Sidley Austin LLP. This post is based on a Sidley update by Alan Raul and Ed McNicholas.

On February 12, the White House released the widely anticipated Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”). Developed pursuant to Executive Order 13636 (issued in February 2013), the Framework strongly encourages companies across the financial, communications, chemical, transportation, healthcare, energy, water, defense, food, agriculture, and other critical infrastructure sectors to implement and comply with its voluntary standards. The provisions set forth in the Framework may establish a new baseline for industry standard practices, and may impact or guide FTC enforcement actions and plaintiff data breach lawsuits.

…continue reading: White House Releases NIST Cybersecurity Framework

Cybersecurity Risks and the Board of Directors

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
Editor’s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing in the areas of mergers and acquisitions and complex securities transactions. This post is based on an article by Mr. Katz and Laura A. McIntosh that first appeared in the New York Law Journal; the full article, including footnotes, is available here.

As boards of directors examine the risks that their companies face, corporate cybersecurity issues loom large. Forty-eight percent of directors (and 55 percent of general counsel) cited data security as their top concern in a recent study by Corporate Board Member/FTI Consulting. These numbers have roughly doubled since 2008, when only a quarter of directors and general counsel cited data security as a major concern. With revenues, intellectual property, business relationships and customer confidence potentially at stake, directors should consider whether their companies and management teams are adequately addressing the growing threat of cybersecurity in the new high-tech landscape.

Cybersecurity risk is a difficult and intimidating topic for corporate boards to consider. However, it is important to keep in mind that cybersecurity risk is only one of many areas of risk that are overseen by boards of directors and that, in most cases, the usual strategies and procedures for evaluating and managing risk can apply. Directors are not expected to be experts in this area and are entitled to rely upon management and outside experts for information and advice. Nonetheless, directors should request that management reports to the board on the steps the company is taking to mitigate cyber threats, and directors should consider whether the company is appropriately assessing its risks and devoting adequate resources to the issue. The business judgment rule remains the standard for evaluating decisions taken by a board in this area.

…continue reading: Cybersecurity Risks and the Board of Directors

Cyber Security and Cyber Governance: Federal Regulation and Oversight—Today and Tomorrow

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Wednesday September 10, 2014 at 9:00 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on an article authored by Mr. Ferrillo and David J. Schwartz.

In our June 4, 2014 article on cyber security and cyber governance [1] we noted that for many reasons, boards of directors and executives of U.S. companies needed to reexamine how they protect (and respond to the successful hacking of) their most critical intellectual property and customer information. One of the reasons was that all signs out of Washington, D.C. pointed towards increasing federal regulation and oversight of cyber security for public and private companies, and particularly for those in the financial services sector. Further, we foresaw not only heightened scrutiny from regulators, but increasing class action litigation, with plaintiffs accusing boards and management of not taking the appropriate steps to protect company and client data. Our predictions were correct on all fronts.

…continue reading: Cyber Security and Cyber Governance: Federal Regulation and Oversight—Today and Tomorrow

Cloud Cyber Security: What Every Director Needs to Know

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday August 6, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Dave Burg and Aaron Philipp, both of PricewaterhouseCoopers LLP.

There are four competing business propositions affecting most American businesses today. Think of them as four freight trains on different tracks headed for a four-way stop signal at fiber optic speed.

First, with a significant potential for cost savings, American business has adopted cloud computing as an efficient and effective way to manage countless bytes of data from remote locations at costs that would be unheard of if they were forced to store their data on hard servers. According to one report, “In September 2013, International Data Corporation predicted that, between 2013 and 2017, spending on public IT cloud computing will experience a compound annual growth of 23.5%.” [1] Another report noted, “By 2014, cloud computing is expected to become a $150 billion industry. And for good reason—whether users are on a desktop computer or mobile device, the cloud provides instant access to data anytime, anywhere there is an Internet connection.” [2]

…continue reading: Cloud Cyber Security: What Every Director Needs to Know

Evaluating Pension Fund Investments Through The Lens Of Good Corporate Governance

Posted by Luis A. Aguilar, Commissioner, U.S. Securities and Exchange Commission, on Tuesday July 1, 2014 at 9:04 am
Editor’s Note: Luis A. Aguilar is a Commissioner at the U.S. Securities and Exchange Commission. This post is based on Commissioner Aguilar’s remarks at the recent Latinos on Fast Track (LOFT) Investors Forum; the full text, including footnotes, is available here. The views expressed in the post are those of Commissioner Aguilar and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

I understand today’s participants include a number of trustees and asset managers for some of the country’s largest public and private pension funds. Without a doubt, pension funds play an important role in our capital markets and the global economy. This is due, in part, to the fast growth in pension fund assets, both in the public and private sectors.

For example, since 1993, total public pension fund assets have grown from about $1.3 trillion to over $4.3 trillion in 2011. Over that same period, total private pension fund assets more than doubled from roughly $2.3 trillion to over $6.3 trillion by 2011. As of December 2013, total pension assets have reached more than $18 trillion. This growth was fueled by many factors, including the rise in government support of retirement benefits, and the increased use by companies of pension plans as a way to supplement wages.

…continue reading: Evaluating Pension Fund Investments Through The Lens Of Good Corporate Governance

Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus

Posted by Luis A. Aguilar, Commissioner, U.S. Securities and Exchange Commission, on Tuesday June 17, 2014 at 9:06 am
Editor’s Note: Luis A. Aguilar is a Commissioner at the U.S. Securities and Exchange Commission. This post is based on Commissioner Aguilar’s remarks at the recent “Cyber Risks and the Boardroom” Conference; the full text, including footnotes, is available here. The views expressed in the post are those of Commissioner Aguilar and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

I am pleased to be here and to have the opportunity to speak about cyber-risks and the boardroom, a topic that is both timely and extremely important. Over just a relatively short period of time, cybersecurity has become a top concern of American companies, financial institutions, law enforcement, and many regulators. I suspect that not too long ago, we would have been hard-pressed to find many individuals who had even heard of cybersecurity, let alone known what it meant. Yet, in the past few years, there can be no doubt that the focus on this issue has dramatically increased.

…continue reading: Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus

Cyber Governance: What Every Director Needs to Know

Posted by Kobi Kastiel, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Thursday June 5, 2014 at 9:23 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo.

The number, severity, and sophistication of cyber attacks—whether on our retail economy, our healthcare sector, our educational sector or, in fact, our government and defense systems—grows worse by the day. [1]

Among the most notable cyber breaches in the public company sphere was that hitting Target Corporation (40 million estimated credit and debit cards allegedly stolen, 70 million or more pieces of personal data also stolen, and a total estimated cost of the attack to date of approximately $300 million). [2] Justified or not, ISS has just issued a voting recommendation against the election of all members of Target’s audit and corporate responsibility committees—seven of its ten directors—at the upcoming annual meeting. ISS’s reasoning is that, in light of the importance to Target of customer credit cards and online retailing, “these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information.” [3]

…continue reading: Cyber Governance: What Every Director Needs to Know

Silicon Valley Venture Survey: First Quarter 2014

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Tuesday May 20, 2014 at 9:21 am
Editor’s Note: The following post comes to us from Barry J. Kramer, partner in the corporate and securities group at Fenwick & West LLP and is based on a Fenwick publication by Mr. Kramer and Michael J. Patrick; the full publication, including detailed results and valuation data, is available here.

We analyzed the terms of 156 venture financings closed in the first quarter of 2014 by companies headquartered in Silicon Valley.

Overview of Fenwick & West Results

Valuation results in 1Q14 were very strong.

  • Up rounds exceeded down rounds 76% to 8% with 16% flat. The 68 point difference between up and down rounds was the largest since 2Q07, when the spread was 70 points.
  • The Fenwick & West Venture Capital Barometer™ showed an average price increase of 85%, a significant increase from 57% in 4Q13.
  • The median price increase of financings in 1Q14 was 52%, a significant increase from 27% in 4Q13 and the highest amount since we began calculating medians in 2004.
  • Software and internet/digital media continued to be the strongest industry sectors, with life science, cleantech and hardware lagging but showing respectable results. The percentage of all financings that are for software companies has trended up in recent years, hitting 45% in this quarter.
  • The use of senior liquidation preference fell for the third quarter in a row, an indication of companies having leverage in negotiations with investors.

…continue reading: Silicon Valley Venture Survey: First Quarter 2014

2014 Proxy Season: Early Indications

Editor’s Note: Richard J. Sandler is a partner at Davis Polk & Wardwell LLP and co-head of the firm’s global corporate governance group. This post is based on a Davis Polk client memorandum.

It is still early days, but here is what we are seeing as the 2014 proxy season unfolds:

Institutional investors promote governance reforms and engagement efforts. Prior to the season Vanguard sent letters to S&P 500 companies seeking adoption of annual director elections, majority voting and the right of holders of 25% of the common stock to call special meetings. It was an unusually public move for a large institutional investor that, like others of its kind, tends to engage in quiet diplomacy. Also unusual was the call for universal adoption of this set of governance practices, in contrast to the case-by-case approach traditionally taken by institutional investors. It may signal that, at least on the governance side of these institutions, these practices are now viewed more as accepted norms than as just best practices. But there remains a disconnect between the governance and investment sides, as we continue to see institutional investors participate in IPOs for companies with none of these provisions.

…continue reading: 2014 Proxy Season: Early Indications
