In an age where digital platforms and virtual presence are an integral part of virtually every major corporation, the threat of a cyberattack is significant. Recently, MGM Resorts became the latest high-profile entity to grace the headlines after a deep-seated cyberattack on September 10 resulted in substantial setbacks for the gambling and leisure giant.
The incident at MGM Resorts, further detailed in a comprehensive report by Amundsen Davis LLC, is another stark reminder that companies of all sizes and industries are not immune from this growing tide. Indeed, many household names such as Amazon, Facebook, Alibaba, and Marriott have also been victims of cyberattacks. Even governments around the world have not been spared from such assaults.
The implications of these attacks extend far beyond the immediate financial damage. One area that is being increasingly examined by legal professionals is the impact on Director and Officer (D&O) fiduciary duties. With cyberattacks continuing to rise and evolve, they are factoring more significantly into the discussions and litigation over D&O fiduciary duties.
While the fiduciary duties remain relatively constant – duties of care, loyalty, and good faith – strategies and techniques to fulfill these duties must continually evolve in the face of new realities and threats. A cyberattack is no longer merely a technical issue, but one that can drastically impact a company’s performance and survival. Equally, it can be a determining factor in assessing adherence or breach of fiduciary duties by a company’s officers and board members.
As the frequency and sophistication of cyberattacks grow, understanding their ramifications within the space of fiduciary duties becomes critical. It necessitates an ongoing conversation and reevaluation of current practices among legal practitioners and corporate leaders, especially those who serve as directors and officers in these corporations.
It is abundantly clear that the era of cyber threats is here to stay. They are, undeniably, an important variable in the risk management calculus of corporations and should be an essential component of any robust defense strategy. As such, the intersection between cyberattacks and fiduciary duties represents an area of significant legal interest and importance.