The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary...

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to support, translate for and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their companies from cyber-related risk.

Blog Entries


 

Public Companies Will Be Required To Disclose If No Cyber Expert On BoD


The House Intelligence Committee introduced a bill that will require publicly traded companies to tell investors in their SEC filings whether they have someone with cyber expertise on their board. If they do not, they need to explain why such expertise is unnecessary (sounds like a risk assessment to me). This is a bipartisan bill and could get some real traction. If you have not been watching, there is plenty going on in the regulatory space regarding cybersecurity and privacy, and it is only going to continue. There have been too many breaches, too many failed explanations and too many violations of trust, and now Congress (and the courts) will get involved.

I am not saying it’s good or bad, but history is clear: the government will seek to regulate when companies aren’t living up to their corporate citizenship responsibilities, and class action litigation comes in to punish failures. U.S. companies have not had any real punishment for their breaches; therefore, their motivation to dig deeper and try to figure cybersecurity and privacy out has been lacking. There are enough frameworks, best practices, etc. out there to create an understanding of where you are from a cybersecurity and privacy risk perspective and a vision of how to reduce those risks. The board is there to understand all risk, and not having that expertise available in the boardroom may be considered negligent in and of itself.