The Conference Board Governance Center Blog


A Cybersecurity Guide for Directors

By R. William “Bill” Ide III and Amanda Leech, Dentons Governance Center[1]

With the ever-present reality of cybersecurity breaches, there has been a tendency in board governance literature to treat cybersecurity risks differently than other risks facing the organization. In practice, however, boards have long been tasked with protecting their company from significant risks. While cybersecurity may appear to be a daunting new risk to many board members, the long-established “tried and true” board governance approach to risk oversight described herein works well and should be applied to cybersecurity risk.

Board duties generally fall within six categories: (i) governance, (ii) strategy, (iii) risk, (iv) talent, (v) compliance, and (vi) culture. With respect to cybersecurity, the board’s duties in each of these categories play a critical role in effective oversight of a company’s cybersecurity program.



Director Compensation: Is This The Calma Before A Storm or Just a Summer Squall? A Handful of Forecasts

By Jim Barrall, Partner, Latham & Watkins LLP

In Calma v. Templeton, the Delaware Chancery Court recently denied a motion to dismiss a lawsuit brought by shareholders against Citrix Systems and its directors which alleged that Citrix’s directors had breached their fiduciary duties by paying the company’s non-employee directors excessive compensation from 2011 through 2013. The key holding of the decision is that Delaware’s “business judgment” rule, which affords directors of Delaware corporations discretion in making business judgments and substantial insulation from liability for their judgments, did not apply in the case because the directors were “interested” in the transaction, which therefore required that their decisions be reviewed under the substantially more demanding “entire fairness” standard. The Court also held that the board’s compensation decisions were not “ratified” by the company’s shareholders, notwithstanding that the shareholder-approved “omnibus equity” plan under which their equity was awarded contained conventional (and very high, IRC Section 162(m) driven) limits on the amount of equity that could be awarded to any individual in a single year, because the limits were not “meaningful.” In our Latham & Watkins Commentary, Director Compensation after Calma v. Templeton: Proactive Steps to Consider, we analyze the Calma decision and describe steps that companies should consider taking in the wake of the decision.

Here are my thoughts on how Calma may affect companies, director compensation and corporate governance practices going forward:



Leadership Advice from Tom Mars

Now that the rush of proxy season is over for most of you and summer is soon approaching, I thought it might be interesting to reflect on some bigger picture issues. Our friend of the governance center, and former general counsel of Wal-Mart, Tom Mars, has some good advice I thought worth sharing:

Thomas Mars Slides



Shareholder Questionnaires Seeking Board of Director Disclosures on Cybersecurity Oversight

By R. William “Bill” Ide III and Crystal J. Clark

Shareholders are being prodded by peers, governance “thought leaders,” the media and others to obtain disclosures from boards of directors on their oversight of cybersecurity. Certain pension funds have sent extensive, joint questionnaires to directors of public companies seeking detailed information as to the cybersecurity oversight systems and controls in place. Our view is that until the SEC provides further guidance, companies will generally find it in their interest to respond to such shareholder inquiries. Such disclosures, however, should be kept at a high level to demonstrate appropriate awareness and attention, while not disclosing specifics that could compromise the company’s cybersecurity strategy or raise issues under Regulation FD.


Duties and Liabilities of the Board Regarding Information Security

By Marcel Bucsescu, Assistant Director, Governance Center, The Conference Board

Recent high-profile cyber breaches at Anthem, Home Depot, and Sony remind us just how dynamic, complex, and rapidly evolving cyber security and the management and response to those risks are. Every day, email inboxes are flooded not just with phishing emails and other scams, but also with marketing blasts to solve cyber and tell directors everything they need to know. A huge industry is developing around cyber security, preparedness, and response. But managing risk is not a new challenge for management and boards. Every once in a while, it is helpful to ground ourselves. Recently, the general counsel of a Fortune 500 company shared a memo with me that they had prepared for the board. This memo serves as a reminder that the new and evolving threats that companies face today exist within a legal framework. And while there are many unknowns with cyber risks, the role of the board is still rooted in the basic duties of care, loyalty and good faith to the corporation.