Post on 04-Jan-2016
What Keeps Your Board Up at Night?
Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil
Sean Gorman, Partner – Bracewell & Giuliani
Overview
1. Cybersecurity
2. International Compliance
3. Black Swan Events
4. Advising the Board
Cybersecurity
Total number of security incidents detected by respondents*
- 2010: 9.4 million
- 2011: 22.7 million
- 2012: 24.9 million
- 2013: 28.9 million
- 2014: 42.8 million
The equivalent of over 117,000 incoming attacks per day, every day in 2014
* PWC 2015 Global State of Information Security® Survey
Advanced Persistent Threat (APT): Often state-funded; methodical infiltration over months/years
- Ex.: Stuxnet; U.S. Office of Personnel Management
Organized crime: Targeting corporate data for financial gain
- Ex.: Target; Fin4
“Hacktivism”: Advancing political/policy views
- Ex.: Anonymous
Insider threats: Employees or contractors using access to possess or release corporate information for personal, competitive, or financial reasons
International Compliance
Overview
Heightened focus on international compliance enforcement actions and investigations
Fines and penalties can reach into the hundreds of millions of dollars
Enforcement actions can result in the potential indictment of a corporate entity
Increasing number of ways that investigations are triggered
Enhanced focus on individual culpability
Black Swan Events
A “Black Swan” event is one that is highly improbable in terms of frequency, but with game-changing, even catastrophic, consequences when it does occur
Examples:
- Macondo
- Hurricane Katrina
How does an entity plan for something that it cannot predict?
- Need to address response and solution
Advising the Board
Regardless of the issue or event, Board duties remain the same
Directors must also consider the potential risk of Board and individual liability for corporate events
Lay the foundation for application of the business judgment rule
Understand the scope of existing D&O insurance coverage
Are you prepared to advise the Board on these questions?
- Does the company have a process or standard to articulate key risk events?
- What are the company's top risks?
- How severe is the impact of these risks?
- How likely are the risks to occur?
- What are the potential costs of not addressing these risks?
- How often do you assess these risks?
- Who owns and who is accountable for these risks?
- Does the company have the right personnel and resources to address these risks?
- How effectively does the company manage these risks?
- What does the company spend to prevent and mitigate these risks?
- How would the company respond to an event involving these risks?
Timing
- As events arise or on a scheduled basis?
Audience
- Specific committee, such as the Audit or Emergency Response Committee, or the entire Board?
Form of presentation
- Continued, ongoing updates on the same key risks or focus on a different risk for each presentation?
- Oral report, ppt. or a more graphical representation?
- Focus on big picture or view from the trenches?
- Inclusion of industry/external benchmarking or focus on internal detail for context?
It is not necessarily either/or; customize to fit the needs of your Board and company
Protect
- Tone from the top
- Internal culture
- Documented program
- Written policies and procedures
- Training and education
- Third party contract management
- Insurance
Identify
- Risk assessment
- Internal and external audits
- Notification standard
- Ethics Helpline
- Engagement with internal and external experts
- Tabletop simulations
- Industry threat intelligence
Mitigate
- Emergency response committee
- Response and crisis management
- External communications
- Engagement of the appropriate expertise
- Notify external parties where applicable
Respond
- Regulatory investigations
- Claims and litigation
- Insurance recovery
- Look back