Cyber risk has become a key regulatory concern for companies in
the wake of several high-profile breaches. Regulators are paying
increasing attention to the obligations of corporate boards
concerning cyber security, particularly in the healthcare industry
(see our prior blog posts here and here). It is therefore
concerning that early survey results recently released by the
National Association of Corporate Directors (NACD) found that only
11% of the 1,034 directors responding to the survey believe that
their boards have a high level of understanding of cyber risks.
Directors of healthcare entities admit to the least understanding,
with 30% indicating that they have "little knowledge"
about such risks. Equally alarming was the finding that almost
one-third of the outside directors surveyed are dissatisfied with
the quality of information provided by management with respect to
cybersecurity, and half are dissatisfied with the quantity of that
information.
In view of these NACD survey results and the continuing risk of
security breaches, it is incumbent on healthcare boards to request
and receive necessary education on the risks their organizations
face and what is being done to proactively address cyber risks.