Cybersecurity and Ransomware Threats in a New Disclosure Regime

In the wake of the global pandemic and corporate workforces being distributed in remote locations, cyber attacks and ransomware risks have multiplied, highlighting new vulnerabilities for boards and corporations to address. In addition, the Securities and Exchange Commission issued final rules last July that require issuers to disclose material cybersecurity incidents four business days after the company determines the incident is material, and to disclose annually information regarding cybersecurity risk management, strategy, and governance. This session will not transform you into a cybersecurity expert, but it will help you to become a more knowledgeable corporate director, better informed about state-of-the-art approaches that corporations can deploy to reduce the risk of damage from a significant cyber attack and respond appropriately to ransomware threats. It will also highlight the techniques that boards and corporations can deploy to better identify an incident and help minimize the damage once an attack has been discovered. The session will review steps that boards can implement to help ensure that management is responding to these threats in an appropriate and timely manner. The panelists will share practical lessons and risk mitigation techniques regarding prominent recent cyber breaches, discuss the value of cyber insurance, explore the challenges of assessing the materiality of a cyber incident and meeting disclosure obligations in a timely manner, and consider when and how companies might cooperate with law enforcement, government agencies, or other firms in the industry.