Over the last two years, cyberattacks have continued to grow in both number and severity. In 2013, the FBI notified 3,000 companies in the United States that they had been victims of cyberattacks. Indeed, a recent report issued by the Center for Strategic and International Studies has estimated that cybercrime cost the global economy up to $575 billion annually and approximately $100 billion in the United States alone. And recent headline-grabbing cybercrime incidents involving diverse companies such as Target and Wyndham have demonstrated that cybersecurity is a matter to be taken seriously by management and the board of directors of every publicly traded company.
U.S. government officials and regulators have taken note of the significant effects of cyberattacks. For example, in 2011, following a joint letter from five U.S. senators to U.S. Securities and Exchange Commission Chairman Mary Schapiro, the SEC released disclosure guidelines regarding a public company’s obligation to address cybersecurity threats. More recently, in June 2014, SEC Commissioner Luis Aguilar gave a speech at the New York Stock Exchange in which he noted that “board oversight of cyberrisk management is critical to ensuring that companies are taking adequate steps to prevent, and prepare for, the harms that can result from such attacks.”
