The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

In a recent survey of almost 2,800 global organizations, one in five respondents reported experiencing a ransomware attack in 2021—with almost half of those respondents suffering significant operational impacts as a result.

This past year proved to be no better, as a steady stream of governments, businesses and individuals alike became victims of high-profile cyber-attacks in 2022.  Still, despite the frequency, sophistication and severity of these attacks, available data suggests that only about half of U.S. companies even have a cybersecurity response plan in place—and many are not financially prepared should a material cyber-attack occur. As new rules, guidance and initiatives on cyber-related issues continue to emerge, boards should pay particular attention to the demands of cybersecurity oversight and the significant risks posed by cyberattacks, especially as regulators and private litigants continue to bring large numbers of cybersecurity-related actions in response to data breaches.

To read the full post, please click here.

For a PDF of the full memorandum, please click here.