Shareholders Holding Executives Accountable

In a first-of-its-kind move, Yahoo!’s former shareholders have successfully obtained a $29 million settlement based around the failure of the company’s executives to properly protect the company from cybersecurity threats. The shareholders argued that the executives were not involved in setting cybersecurity policies or in the cybersecurity decision making process. Many experts see this as opening the floodgates for future, large dollar shareholder derivative suits which will add additional costs and distractions to companies already struggling to recover from a cybersecurity incident or privacy breach. When you add in the efforts of institutional shareholders to remove executives, including board members and the C-suite, from the companies in which they invest after a significant cybersecurity incident or privacy breach, executives are being forced to play an active role in cybersecurity and data privacy.

To survive these internal struggles, your company needs a defensible cybersecurity program. As the Yahoo! settlement drives home, empowering the executives with the information they need to take the reigns for the company’s cybersecurity and data privacy efforts is core to a defensible cybersecurity program. Executives need to shift their mindset from one in which they are merely informed about cybersecurity and data privacy issues to one in which they are involved in the cybersecurity decision making process. They need cybersecurity and data privacy to make sense.

Don’t wait for your company’s next security event or data breach to implement a defensible cybersecurity program. By then it may be too late.

Fathom Cyber’s unique, risk-based approach to cybersecurity and data privacy allows companies to create agile yet defensible cybersecurity programs. Contact us at [email protected], or visit our website at for more information.