If you're in business today, you're likely very reliant on important data being stored digitally. Maybe it's the personal data of clients or patients. It could be the contractual information of suppliers, or the bank account numbers of employees for payroll direct deposits.
Unfortunately, having this data become lost or breached is becoming more common these days. In its latest annual study on data breach preparedness, the Ponemon Institute reports that 43% of companies have experienced a data breach in the past year.
We've all read about the devastating financial and reputational impact larger public companies have experienced with data breaches. But smaller, privately held companies face the same financial losses. By not overseeing security and privacy issues carefully, directors and officers could expose themselves to claims of negligent duty of care. Standard cyber insurance policies may not cover these claims. Tapping into the company's balance sheet to pay for these claims could also result in additional lawsuits from shareholders.
So what steps should directors and officers of private companies take regarding this risk?
- Make data security and privacy a regular topic at management meetings
- Consider hiring third-party consultants to assess the company's data-protection systems, and to educate directors and officers on findings
- When directors and officers are deciding issues of data security, carefully document the discussions to demonstrate appropriate care
- Hold employee information and training sessions to increase awareness of risk issues
- Ensure open lines of communication between directors and officers and the IT department so security risks have a greater chance of being addressed appropriately
- Review insurance policies holistically for coverage regarding security incidents and protection of the company's brand, information assets and other assets