Key to Preventing Cyberattacks on Companies Is Board of Directors Awareness: Panel

ALM Media
Updated
SEC Chairman Jay Clayton speaking at a Columbia University School of International and Public Affairs cybersecurity event. Photo by Daniel Clark/ALM
SEC Chairman Jay Clayton speaking at a Columbia University School of International and Public Affairs cybersecurity event. Photo by Daniel Clark/ALM

SEC Chairman Jay Clayton speaking at a Columbia University School of International and Public Affairs cybersecurity event. Photo by Daniel Clark/ALM

The world of cybersecurity is constantly evolving and part of that evolution has been counsel and directors becoming more hands-on and interested in the issue, a panel at the "Developing a Defensible Cyber Strategy" discussion said Thursday in New York at the Harmonie Club.

The panel, which was hosted by the Columbia University School of International and Public Affairs, was composed of Connie Brenton, chief of staff and senior director of legal operations at NetApp Inc. and CEO and chairwoman of the board of Corporate Legal Operations Consortium (CLOC); Jason Healey, a senior research scholar at the School of International and Public Affairs; C. Allen Parker, senior executive vice president and general counsel of Wells Fargo who joined the company from Cravath, Swaine & Moore in 2017; Joseph C. Shenker, chairman of Sullivan & Cromwell; Phil Venables, partner and chief operational risk officer at Goldman Sachs; and U.S. Securities and Exchange Commission Chairman Jay Clayton.

The panel agreed that having a company’s board of directors recognize the importance of a robust cybersecurity program is key to stopping future hacks. Venables said that compared with five years ago, boards of directors have come light years in realizing its importance. He said he believes this is so because on almost every board now there is at least one member who has experienced a cyberattack themselves.

That personal experience is partly why Parker is aware of the threats. While working at Cravath, Swaine & Moore, the firm was the victim of an attack by a nation-state, which woke him up because Cravath, he said, had a high level of cybersecurity.

“It was a sobering thing for that to happen to us. If it could happen to a firm at our level of preparedness, it could happen to anyone,” Parker said.

Getting boards of directors in line with cybersecurity issues does not appear to be as much of a problem as it used to be. For Wells Fargo, one of the directors is a former Air Force cybersecurity expert who lets everyone else know about the importance of a strong network infrastructure.

Venables believes that one reason boards of directors are taking a harder look at cybersecurity is that everyone now has his or her own horror stories.

“There was a point five to six years ago where a lot of people sat on multiple boards,” Venables explained. “When that happened you definitely saw this cybersecurity rise up in the agenda. Most directors have had personal experience being in those war rooms after a cyberincident.”

Benton said that collaboration is critical for companies to tackle cybersecurity issues. She said that if companies work together on cybersecurity issues, they will be able to save hundreds of hours of work for their legal departments and for the law firms they work with.

“There has been a strong desire to collaborate,” Benton said based on her conversations with legal operations professionals within CLOC.