Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was quoted in a BankInfoSecurity article titled “Target Breach: Hold Board Responsible?”
The article discussed a consulting firm’s report for shareholders in regard to Target Corp. stating that the company should replace seven of the ten members of its board of directors who served on the audit and corporate responsibility committees that should have provided better oversight into fraud and other cyber-risks when it came to Target’s major data breach.
“The study reinforces that boards need to address cybersecurity risks just as they deal with other types of enterprise risks,” Peretti said. “Boards need to be proactively engaged in understanding IT security risk and need to be asking probing questions in advance of a breach….A report from a consulting firm recommending that a company dismiss board members because of their handling of data security issues is unusual.”
“It’s the first that we’re seeing [such] drastic or significant conclusions [like] in this report,” she said.
“Companies are still struggling with appropriate cybersecurity governance.”
Written by Security Incident Management & Response Team | Alston & Bird LLP