Cooley put out a piece in May 2021 entitled “FTC Expects Board-Level Cybersecurity Oversight”.  Episode 2 speakers Travis LeBlanc and Randy Sabett are two of the related contacts.  The piece states, among other things:

“Boards are ultimately responsible for data security.  According to the FTC, ‘data security begins with the Board of Directors, not the IT Department.’  Boards should set high expectations regarding data security, build a team of stakeholders from throughout the organization, establish formal board-level oversight and hold regular security briefings.  While there is no one-size-fits-all approach, a board-level cybersecurity committee or subcommittee can be an effective way to foster board engagement.”

Read the full piece here.