New York partner Stacy Louizos authored an article in Fund Board Views titled “Cybersecurity: A Perennial, Ever-Evolving ‘Hot Topic’ for Director Oversight.” The board’s role relating to cybersecurity is one of oversight and not of management. Board members are not expected to have technical or specialized expert knowledge of cybersecurity. However, in light of the dynamic, evolving nature of cybersecurity, boards should engage in continuing education and have regular discussions with fund management on the topic of cybersecurity in order to effectively perform this oversight function.
In this article, Stacy provides guidance to board members on the board’s cybersecurity oversight responsibilities and best practices, including:
- Topics to discuss with management, such as testing and training, staffing and resources, and incident response plans.
- Board education and cybersecurity topics.
- Board reporting best practices.
- Treatment of third-party vendors and their cybersecurity programs.
- Cyber insurance.
- Board digital communications.