Cybersecurity A Top Issue in Washington

The Federal Trade Commission staff in a recent blog post emphasized the key role corporate boards play in a successful cybersecurity program, urging boards to be alert to cybersecurity risks. The blog post was aimed at corporate directors but fund directors may find the FTC’s considerations helpful. “Boards should ask tough questions about whether their policies and procedures effectively address their company’s security risks and whether actual security practices effectively address the threats they face,” the FTC staff advised. Meanwhile, lawyers from Blank Rome in a memo discussed an executive order from the Biden Administration that seeks to modernize and strengthen the federal government’s cybersecurity standards. Under the order, companies providing IT products and services to U.S. government agencies are now required to notify such agencies of cyber incidents and meet specific cybersecurity standards. The executive order is just one example of the Biden administration’s push to improve the nation’s data privacy and cybersecurity practices in response to recent ransomware attacks, the lawyers write. Cyber risk specialists at the NACD also discussed the latest ransomware attacks and provide questions public company directors can ask their firms regarding cyber risk preparedness, including: Has our company patched the known vulnerability that led to this ransomware attack? Does our company have a policy in place regarding ransomware payment? What is the state of the backup of our company’s critical data?