Cybersecurity Tops Boards’ 2018 To-Do Lists

Directors also will focus on corporate social responsibility, board composition, activist shareholders, and SEC enforcement, among other hot topics.
David McCann
January 8, 2018

Cybersecurity will be the hottest topic for boards of directors this year, according to the latest annual list from law firm Akin Gump Strauss Hauer & Feld.

The “winner” was not much of a surprise, given that 2017 was riddled with high-profile attacks, including those targeting Equifax, Uber, Yahoo, and the U.S. Securities and Exchange Commission. “No crisis should go to waste,” says Akin Gump, counseling boards to learn from those organizations’ misfortunes.

In addition, the SEC has recommended that companies designate a committee responsible for overseeing cybersecurity risk and that boards have at least one cybersecurity expert or consultant.

Further, the European Union’s General Data Protection Regulation is slated to take effect on May 25. GDPR could prove particularly onerous, as fines for noncompliance top out at the greater of €20 million ($23.9 million) or 4% of worldwide annual revenue.

Companies are taking too long to notify consumers and government agencies of breaches, according to Akin Gump. While most breach-notification deadlines are at least 45 days from discovery of a breach, “companies must move much more quickly … to maintain credibility,” the law firm says.

Akin Gump’s other hot topics for boards this year include the following:

Corporate social responsibility. While some may still perceive CSR initiatives primarily as public relations efforts, more and more companies are developing effective programs as a sound business practice, the law firm notes.

Indeed, Boston Consulting Group recently concluded that companies with better environment, social, and governance standards were more profitable and traded at higher values than their competitors.

Managing five generations of employees. With many workers delaying retirement, companies may still have employees from the “silent generation,” born before 1945. At the same time, Generation Z, those born after 2000, are just now making their way into workforces.

People from different generations often have different priorities and different expectations for the type of work they do, and may struggle to communicate effectively with one another. “Boards should examine what motivates their specific employees,” Akin Gump counsels. Being open to a broader array of options on compensation, for example, rather than a “one-size-fits-all approach,” can result in greater employee performance and satisfaction, the law firm adds.

Corporate strategy. “In an increasingly competitive and evolving marketplace, coupled with a domestic economy growing at a low-single-digit rate, stagnation is tantamount to failure, and singular reliance on organic growth is effectively a bet on poaching market share from rivals,” Akin Gump points out.

The law firm notes that boards will continue to struggle in striking a balance between achieving short-term results and otherwise satisfying investors with an appetite for immediate gratification, and deploying capital to longer-term growth opportunities that pose additional risk.

Board composition. Akin Gump cited research showing that boards with diverse memberships function better and are correlated with better company performance.

The SEC, the firm notes, is considering a requirement for companies to describe the extent to which their boards are diverse with respect to race, gender, and ethnicity.

Shareholder activism. Activists have lately entered some industries that historically had been able to steer clear of them. Akin Gump particularly shines a light on the energy industry.

With the recent relative stabilization of oil pricing, investors are taking up such new themes as challenging energy firms’ strategies, transactions, and governance. However, the law firm stresses that “the board’s fiduciary duty runs to all stockholders, not just proposals by activists.”

Internal investigations. Boards are increasingly confronted with implications of wrongdoing by the company or its employees, coming to light via private-party lawsuits, internal audits, whistleblower tips, and governmental inquiries.

“It has become ever more common for a company’s independent auditors to expect that the company will conduct an internal investigation, especially where the allegations could implicate financial matters or involve possible fraud,” Akin Gump notes.

SEC regulatory relief. Akin Gump says it expects the Trump administration and the Republican-led Congress to advance “significant policy shifts and rule changes at the SEC.” The efforts will be “designed to encourage companies toward public ownership and to facilitate capital formation in both public and private markets.”

Smaller companies will likely be the greatest beneficiaries of these initiatives, the law firm says. However, it adds, some measures will benefit large public companies by eliminating duplicative and non-material disclosure requirements and addressing concerns regarding shareholder proposals.

SEC enforcement. New chairman Jay Clayton has said he won’t seek wholesale changes to the SEC’s fundamental regulatory approach. He has, though, cited retail investor fraud, investment professional misconduct, insider trading, market manipulation, accounting fraud, and cyber matters as areas on which the commission should focus in order to best serve “Main Street” investors.

Trade and sanctions. U.S. persons and companies are prohibited from having dealings with certain designated foreign persons and countries. Akin Gump advises directors — especially U.S. persons who serve on the boards of non-U.S. companies — to be mindful of new changes to these sanctions.

The law firm recommends that non-U.S. companies consider establishing blanket recusal policies for U.S. directors. Such policies would exclude such directors from engaging in any activities that might implicate U.S. sanctions and would wall them off from meetings, discussions, decisions, or other dealings related to such activities.