Document Type



A changing cybersecurity environment now poses a significant corporate-governance challenge. Although some cybersecurity data breaches may be inevitable, courts now increasingly consider when a corporation’s officers and directors may be held liable on theories that they acted in bad faith and failed to adequately oversee the corporation’s affairs. This short essay reviews recent derivative decisions and encourages corporate boards to recognize that in an environment filled with increasing threats, a reasonable response will require devoting real resources and attention to cybersecurity issues.