Cybersecurity and the Role of the Board, an interview with Judith H. Germano

In this episode of CHATTINN CYBER, Marc Schein interviews Judith H. Germano, a nationally recognized thought leader on cybersecurity governance and privacy issues. She is a Senior Fellow at the NYU Center for Cybersecurity (CCS) and the Reiss Center on Law and Security and an Adjunct Professor of Law at NYU School of Law.

Judith was a federal prosecutor for 11 years, from 2002 to 2013. Today, she shares that her last role was Chief of Economic Crimes, which oversaw cybersecurity, securities fraud, and other complex fraud. She handled tremendous cases of international significance, some that were reported in the news and some that were not.

Over more than a decade of experience, Judith learned the growing importance of cybersecurity for businesses. She realized that there were many questions about handling cybersecurity risks: when and whether to work with the government, and how to protect yourself proactively from incidents. And though she loved her government job then, she wanted to help by advising companies proactively.

Judith currently leads the CCS cybersecurity task force and roundtable series of corporate executives and senior government officials addressing critical cybersecurity concerns. She is also the founder of GermanoLaw LLC, advising public and privately held companies on cybersecurity and privacy matters and representing companies and individuals on securities fraud and other complex white-collar criminal and regulatory compliance issues. Judi counsels senior executives and corporations on cybersecurity, risk management, and strategy. Her publications include “Cybersecurity Partnerships: A New Era of Collaboration” and “After the Breach: Cybersecurity Liability Risk.”

In today’s episode, she discusses the role of boards in handling cybersecurity issues, the changes and advancements made in the industry, and the challenges that remain for cybersecurity experts. We also learn why boards need to proactively ensure that companies comply with security policies, and that they address and document their cybersecurity effectively.

Highlights:

“Cyber security is a top priority for organizations and governments. And it is critically important that the board is well versed in cybersecurity.”

“We’ve also seen some cases outside of the cybersecurity context that show that boards have an obligation and fiduciary duty not just to ensure that policies are in place of the organization, but that they’re followed, and a responsibility to document in the minutes what the board is doing to address issues of key importance of the organization.”

“You want to make sure that the board is asking questions that have to do with basic cyber security hygiene.”

“There are some boards that have a specific risk management committee and cyber security and privacy risk may be housed there.”

“As smart as we get defending, the attackers get smart and new ways of attacks.”

“Over the years, many organizations, unfortunately, are still catching up on basic things like encryption and logging and updates and other best practices.”

Time-Stamps:

[02:58] – The role of a board in terms of cybersecurity or cyber maturity
[04:06] – What recent legal decisions helped face the developments of current board liability
[05:21] – How in depth should boards be getting within cybersecurity or cyber risk?
[07:48] – Some of the cybersecurity trends that boards are currently seeing
[10:32] – Engineering in the law school and the concerns of future leaders within cybersecurity

Connect with Judith:

LinkedIn: https://www.linkedin.com/in/judith-germano-b7a63310
Twitter: https://twitter.com/judigermano?lang=en
Website: https://germanolaw.com/