Cybersecurity: What Boards Must Know
Attorney Kim Peretti on How to Keep Directors Risk-Aware
As the Target breach demonstrated, boards of directors will be held accountable when their organizations are breached. Attorney Kim Peretti offers tips on how to educate boards about security issues.
Peretti, a partner with the Washington, DC-based law firm of Alston & Bird LLP, just wrote a new advisory, Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny. In this alert, she discusses why board members must educate themselves on cyber-related risks. She also talks about directors' responsibilities before and after a data breach.
"[Boards] have an awareness of the threat out there," Peretti says. "But what they're struggling with - what they don't know - is what is the risk that the [threat] has to any particular organization, how do you mitigate that risk, and how do you respond to it?"
In an interview about educating boards of directors, Peretti discusses:
- What directors don't know about security;
- Pre- and post-breach responsibilities of boards;
- How to educate the board - and when.
Peretti is a partner in the Alston & Bird, LLP law firm's white collar crime group and co-chair of its security incident management and response team. She is also a former director of PricewaterhouseCoopers' cyberforensic service practice and a former senior litigator for the Department of Justice's Computer Crime and Intellectual Property Section. While at the Department of Justice, Peretti led several benchmark cybercrime investigations and prosecutions, including the prosecution of the TJX hacker Albert Gonzalez, currently serving 20 years in prison for his role in the largest hacking and identity theft case ever prosecuted by the department.