As boards of directors continue to oversee their companies’ response to the coronavirus pandemic, cybersecurity remains top of mind, especially as directors also prepare for annual shareholder meetings, many of which are being held virtually, according to Kaley Childs Karaffa, Director of Board Engagement at Nasdaq.
“Cyber is a full board issue for every organization,” Karaffa said during a webinar on Closing the Accountability Gap. “Each board should be assessing with regular frequency whether the board structure and processes ensure that they are able to effectively fulfill their oversight responsibilities related to not only cyber but risks more broadly.”
Amid the uncertainty during the outbreak, malicious cyber actors are looking to take advantage of public concern. The U.S. Department of Health and Human Services in mid-March experienced suspicious cyber activity, which was reportedly a distributed denial of service (DDoS) attack. Tech experts also warn of phishing attacks and disinformation campaigns. Phishing attacks, which usually use a combination of email and deceptive websites, try to get victims to reveal sensitive information. Meanwhile, disinformation campaigns sow discord, promote distrust, manipulate the public conversation or disrupt markets.
“This is a vulnerable time for the country, and it’s certainly a time when bad actors will attempt to compromise or hack into your corporate systems. Vigilance by directors is extremely important during this unprecedented time,” said Joan Conley, Senior Vice President and Corporate Secretary at Nasdaq. “The security features of a board portal are of heightened importance as they assist in maintaining confidentiality of board meeting materials and reference documents.”
As the situation surrounding COVID-19 evolves rapidly, a greater level of interaction between boards and management may be beneficial. Karaffa emphasized that management should be keeping the board well informed to allow directors to exercise their duty of oversight and serve as a resource for management bringing in their expertise and experience to inform management’s risk mitigation and business continuity strategies. To this end, many boards may be increasing the frequency of their meetings. Karaffa noted that one company she is working with has moved to conducting weekly virtual meetings during the current crisis at the board’s request, continuing to update policies that ensure the workforce is protected and the supply chain is supported and closely monitor the company’s financial health.
Conley noted that Nasdaq uses a board portal for board meetings and communications, utilizing email capabilities and setting up a document reference section for directors. Conley said she leverages the board portal as a foundation for board meetings, where directors can locate the agenda and material documents for virtual briefings.
As directors continue to oversee the corporate response to the outbreak, they are also preparing for the annual shareholder meetings, considering how to conduct the meeting in a manner that protects shareholders from any exposure to the virus. In mid-March, the U.S. Securities and Exchange Commission published guidance providing regulatory flexibility to companies looking to change the date and location of meetings and hold a virtual forum.
“Virtual shareholder meetings are becoming the norm for 2020, requiring knowledge on legal obligations and understanding of the position taken by institutional investors and proxy voting firms on virtual meetings,” said Conley.
Despite the risks COVID-19 presents, Karaffa urged boards to find “opportunities in the risk environment.” She suggested that boards analyze how the company and board can come out of the pandemic, not only in the short term, but also in the long term. Effective boards and management teams will identify the key things that they can control now to stabilize the business and then look for opportunities to advance long-term strategies, especially in terms of cyber risk and corporate technology structures and flexibility. Directors should assess how lessons learned through this crisis can inform opportunities to improve governance structures and practices and board composition, which will promote greater long-term growth and sustainability and overall board effectiveness.
To learn more about how boards and IT executives can mitigate cyber risks in times of uncertainty, hear insights from Nasdaq, Tanium, Brunswick Group, and Alston & Bird experts as they discuss Closing the Accountability Gap.
© 2020 Nasdaq, Inc. The Nasdaq logo and the Nasdaq ‘ribbon’ logo are the registered and unregistered trademarks, or service marks, of Nasdaq, Inc. in the U.S. and other countries. All rights reserved. This communication and the content found by following any link herein are being provided to you by Corporate Solutions, a business of Nasdaq, Inc. and certain of its subsidiaries (collectively, “Nasdaq”), for informational purposes only. Nothing herein shall constitute a recommendation, solicitation, invitation, inducement, promotion, or offer for the purchase or sale of any investment product, nor shall this material be construed in any way as investment, legal, or tax advice, or as a recommendation, reference, or endorsement by Nasdaq. Nasdaq makes no representation or warranty with respect to this communication or such content and expressly disclaims any implied warranty under law. At the time of publication, the information herein was believed to be accurate, however, such information is subject to change without notice. This information is not directed or intended for distribution to, or use by, any citizen or resident of, or otherwise located in, any jurisdiction where such distribution or use would be contrary to any law or regulation or which would subject Nasdaq to any registration or licensing requirements or any other liability within such jurisdiction. By reviewing this material, you acknowledge that neither Nasdaq nor any of its third-party providers shall under any circumstance be liable for any lost profits or lost opportunity, direct, indirect, special, consequential, incidental, or punitive damages whatsoever, even if Nasdaq or its third-party providers have been advised of the possibility of such damages.