The growing threat of cybersecurity and data privacy incidents—coupled with the increasingly onerous cyber regulatory environment—has boards of directors recognizing the urgency and placing a top priority on becoming knowledgeable about cybersecurity preparedness. 

They have witnessed the growing onslaught of data breaches and ransomware attacks, as well as the threat of protracted litigation that follows any incident. They increasingly recognize the directors’ duty to oversee a company’s effective cyber prevention and response capabilities.

They want to know cybersecurity plans are in place, that the right external resources are at the ready for fast, effective legal, IT and communications responses and that leadership teams are exercising their cyber plans to create the “muscle memory” needed to execute in the event of an actual incident.

If your board has not raised this issue with you, be proactive. Get the right plans and backup communications channels in place. Conduct regular tabletop exercises with key cross-functional team members. Taken together, these steps will demonstrate to your directors that your company is fully prepared.

In the event of a cyberattack, our global Cybersecurity and Data Privacy Practice has compiled a list of immediate action steps for communicating after a ransomware attack, as well as key ransomware communications do’s and don’ts.