The corporate secretaries' response to a cyber attack

Network breaches are occurring more than ever.

In April, Corporate Secretary suggested ways corporations can protect their data. However, in the wake of the recent security breaches at Sony, Epsilon, NASA and Citi, the outlook for information security on the internet has turned decidedly gray.

‘Eighty percent of organizations suffered network breaches in the past 12 months,’ says Melissa Krasnow, a corporate partner with global business law firm Dorsey & Whitney’. ‘[Smaller] breaches, in addition to these high-profile ones, are occurring frequently.’

The number of successful network security breaches over the past 12 months.

bar chart
Source: Perceptions about Network Security study conducted by Ponemon Institute, June 2011.

You may not realize it now, but security breaches can happen at anytime.

According to ‘Perceptions About Network Security’, a survey released in June that tracked security breaches in the US, the UK, France and Germany, roughly 90 percent of the 583 companies polled claim that they've experienced a network security breach by hackers at least once in the past year. The survey also suggests these attacks can be costly as 41 percent of respondents say their company spent $500,000 or more to repair the damage incurred.

Krasnow, who is also a Certified Information Privacy Professional, provides a few practical steps corporate secretaries should follow in order to respond to a data breach:

(i) Be cognizant of the types of personal data covered by 46 state data breach notification laws, including social security numbers, which could belong to a shareholder, board member, employee or customer.

(ii) Determine whether your company has procedures in place for responding to a possible data breach and help make sure those procedures are complied with on a regular basis.

(iii) Carefully think through all communication about the data incident or breach, by taking into account SEC and related disclosure requirements, and coordinating with your company’s privacy office, information technology, internal and external public relations professionals, the legal department and outside counsel.

(iv) Consider cyber-insurance coverage; your company’s insurance broker can provide more information. This can help ease insecurities that may arise.

(v) After a data incident or breach, review company policies, procedures and practices to determine whether any changes are warranted.

The report, conducted by Ponemon Research and sponsored by equipment and software firm Juniper Networks, calculates the threats companies face in protecting themselves from these unlawful intrusions.

Not surprisingly, 59 percent of the surveyed companies — which range from organizations with less than 500 employees to those with more than 75,000 — experienced two or more breaches within the last year.

As cyber crimes continue to escalate, it’s important for corporations to learn important lessons before hackers penetrate deep into their data system and silently steal information – at anytime.

1 comment

You must be registered to comment.

Please Sign In or Register.

  1. John Kidder|

    For almost any corporation, it will be less expensive and more secure to trust governance data to outside service providers,who have the resources and the competency to maintain highly secure and up-to-date facilities. Internal IT personnel, no matter how good they are, generally have neither the competency nor the resources to match outside services.

Cybersecurity and the Evolving Role of Boards

At a time when the theft of customer information often leads to executive-level shake-ups, boards are taking a greater role in evaluating the adequacy of their organizations’ cybersecurity. But many boards have yet to apply the same level of scrutiny to their board meeting materials. This article provides an evaluation framework for organizations. Focus is on three main factors: where data is stored, the strength of “locks” that provide access, and the control of “keys” for entry.

Click here to download the report


Over 87,000 directors, executives and corporate secretaries worldwide rely on Diligent Boardbooks® to speed and simplify how board materials are produced, delivered, and reviewed. Providing the world's most widely-used board portal, Diligent has pioneered ease of use, stringent security, and superior support since 2001. Diligent Boardbooks provides directors with immediate access to their most time sensitive and confidential information. It also helps administrative staff accelerate production and delivery. For more information, please visit