The corporate secretaries' response to a cyber attack

Network breaches are occurring more than ever.

In April, Corporate Secretary suggested ways corporations can protect their data. However, in the wake of the recent security breaches at Sony, Epsilon, NASA and Citi, the outlook for information security on the internet has turned decidedly gray.

‘Eighty percent of organizations suffered network breaches in the past 12 months,’ says Melissa Krasnow, a corporate partner with global business law firm Dorsey & Whitney’. ‘[Smaller] breaches, in addition to these high-profile ones, are occurring frequently.’

The number of successful network security breaches over the past 12 months.

bar chart
Source: Perceptions about Network Security study conducted by Ponemon Institute, June 2011.

You may not realize it now, but security breaches can happen at anytime.

According to ‘Perceptions About Network Security’, a survey released in June that tracked security breaches in the US, the UK, France and Germany, roughly 90 percent of the 583 companies polled claim that they've experienced a network security breach by hackers at least once in the past year. The survey also suggests these attacks can be costly as 41 percent of respondents say their company spent $500,000 or more to repair the damage incurred.

Krasnow, who is also a Certified Information Privacy Professional, provides a few practical steps corporate secretaries should follow in order to respond to a data breach:

(i) Be cognizant of the types of personal data covered by 46 state data breach notification laws, including social security numbers, which could belong to a shareholder, board member, employee or customer.

(ii) Determine whether your company has procedures in place for responding to a possible data breach and help make sure those procedures are complied with on a regular basis.

(iii) Carefully think through all communication about the data incident or breach, by taking into account SEC and related disclosure requirements, and coordinating with your company’s privacy office, information technology, internal and external public relations professionals, the legal department and outside counsel.

(iv) Consider cyber-insurance coverage; your company’s insurance broker can provide more information. This can help ease insecurities that may arise.

(v) After a data incident or breach, review company policies, procedures and practices to determine whether any changes are warranted.

The report, conducted by Ponemon Research and sponsored by equipment and software firm Juniper Networks, calculates the threats companies face in protecting themselves from these unlawful intrusions.

Not surprisingly, 59 percent of the surveyed companies — which range from organizations with less than 500 employees to those with more than 75,000 — experienced two or more breaches within the last year.

As cyber crimes continue to escalate, it’s important for corporations to learn important lessons before hackers penetrate deep into their data system and silently steal information – at anytime.

1 comment

You must be registered to comment.

Please Sign In or Register.

  1. John Kidder|

    For almost any corporation, it will be less expensive and more secure to trust governance data to outside service providers,who have the resources and the competency to maintain highly secure and up-to-date facilities. Internal IT personnel, no matter how good they are, generally have neither the competency nor the resources to match outside services.

Everything you need to know about cyber-threats but were too afraid to ask - Cyber-security 101 -

To improve an organization’s security IQ, everyone needs to have a better understanding of where the risks are and what can be done to eliminate potential threats. Without solid security education and training, everyone within an organization puts his or her company in jeopardy of a data breach and its potential fallout, which includes costly fines and often a reputation hit.

This white paper will discuss:

  • Cyber-security risks
  • Types of attacks
  • How to prevent and protect yourself from future attacks

Please click here to download the report.


Diligent is the leading provider of secure corporate governance and collaboration solutions for boards and senior executives. More than 3,300 clients in more than 60 countries rely on Diligent to provide secure, intuitive access to their most time-sensitive and confidential information, ultimately helping them make better decisions. The Diligent Boards solution speeds and simplifies how board materials are produced and delivered via iPad, Windows and web tools. For more information, please visit

We use cookies to make our website function properly and deliver our services. By using our website, you agree to our use of cookies, please click here to learn how to manage and delete cookies.