Yahoo breaches impact on Verizon deal reminds us that cybersecurity is a board concern

Even in today’s day and age, data security issues are sometimes (much too often, in fact) shuffled aside by C-suite executives who are stuck believing that network security is a concern for the IT department, not those who run the company on a day-to-day basis.

But last quarter’s revelation that the disclosure of two massive Yahoo data breaches in 2016 knocked $350 million off Yahoo’s several-billion-dollar acquisition by Verizon reminds us that cybersecurity remains as much a priority for a company’s Chief Executive Officer as it is for anyone else. Just like a failed product launch or increasing costs of production, the bottom line is that deficient cybersecurity affects, well, your bottom line.

Against the backdrop of their common-law fiduciary obligations, company board members already oversee the establishment of appropriate risk management programs. Whatever the risks are, boards are tasked with assessing and managing them for the benefit of the company and its shareholders. In this regard, cyber risk is no exception.

So how exactly does the topic get integrated into boardroom discussions? Proactively. After all, the last thing you want is a board hearing about cybersecurity for the first time in the wake of a data breach, regardless of size. A good start is to involve the board in the preparation (and regular review) of a data incident response plan, which should identify key team members (including at least one member of the board and not just the Chief Information Officer) who will spring into action to help identify, remediate,  respond to and recover from a breach. 

For any CEO still questioning whether to introduce cyber issues to the balance of the board, the proof is in the pudding. According to the Ponemon Institute’s 2016 Cost of Data Breach Study for the United States, board-level involvement reduces response costs in the amount of nearly $7 for each lost or stolen record containing personally identifiable information. With breaches affecting tens of thousands or hundreds of thousands of individuals becoming the norm, those savings matter. Just ask Yahoo. While its breaches (which affected more than one billion users) didn’t sink its deal with Verizon, they sure did take a bite out of it.

Attorney Advertising. Prior results do not guarantee a similar outcome. This publication is provided as a service to clients and friends of Harter Secrest & Emery LLP. It is intended for general information purposes only and should not be considered as legal advice. The contents are neither an exhaustive discussion nor do they purport to cover all developments in the area. The reader should consult with legal counsel to determine how applicable laws relate to specific situations. ©2017 Harter Secrest & Emery LLP