Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Boards need to oversee cybersecurity risk says SEC official

SEC Commissioner Luis Aguilar said board oversight is needed to address cybersecurity

SEC Commissioner Luis Aguilar

The job for corporate board directors has significantly expanded since the financial crisis six years ago—and it’s about to get bigger. Following recent large-scale data breaches, a Securities and Exchange Commission (SEC) official has called for corporate boards to oversee cybersecurity risk.

Speaking at an event at the New York Stock Exchange on June 10, SEC Commissioner Luis Aguilar said board oversight is needed to address cybersecurity, which is now a critical component of risk management.

“Effective board oversight of management’s efforts to address these issues is critical to preventing and effectively responding to successful cyber-attacks and, ultimately, to protecting companies and their consumers, as well as protecting investors and the integrity of the capital markets,” Aguilar, a Democrat on the five-member SEC, said in a statement.

Citing a recent survey of 2013 proxy filings by companies comprising the S&P 200, Aguilar said, “The full boards of these companies are increasingly, and nearly universally, taking responsibility for the risk oversight of the company.” 

While there is no one-size-fits-all answer, Aguilar said that considering recent large-scale data breaches, board members need to make cybersecurity part of their risk management responsibilities given that a cyberattack can be costly for a company both financially and reputational.



Inadequate data breach preparation, response should lead to removing 70 percent of directors at Target says ISS

Planning for the inevitable cyber breach

Study shows fraud threats have increased across the board


“Given the significant cyberattacks that are occurring with disturbing frequency, and the mounting evidence that companies of all shapes and sizes are increasingly under a constant threat of potentially disastrous cyberattacks, ensuring the adequacy of a company’s cybersecurity measures needs to be a critical part of a board of director’s risk oversight responsibilities,” he said.

Corporate cybersecurity efforts have come under increased scrutiny in the past few weeks. In May, proxy advisory firm Institutional Shareholder Services (ISS) suggested that seven of 10 directors at Target be removed from office because the board of directors did not do enough to prevent a massive data breach that occurred in December 2013. The breach led to the theft of personal information, including the names, addresses, phone numbers, and e-mail addresses of up to 70 million customers.

ISS wants the Target directors removed who were assigned to manage risk, and the firm wants the company shareholders to remove them. An annual meeting was scheduled for June 11.

Editor in Chief

author image

Erin E. Harrison

Erin E. Harrison is the Editor in Chief of InsideCounsel magazine. Harrison’s professional background includes extensive expertise in both print and online media, highlighted by...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.