Presentation is loading. Please wait.

Presentation is loading. Please wait.

What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.

Published byPamela Barbra Cain Modified over 9 years ago

Similar presentations

Presentation on theme: "What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani."— Presentation transcript:

1 What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani

2 Page  2 Overview Cybersecurity International Compliance Black Swan Events Advising the Board 1 2 3 4

3 Cybersecurity Page  3 20102011201220132014 9.4 million 22.7 million 24.9 million 28.9 million 42.8 million Total number of security incidents detected by respondents * The equivalent of over 117,000 incoming attacks per day, every day in 2014 * PWC 2015 Global State of Information Security® Survey

4 Page  4 Cybersecurity  Advanced Persistent Threat (APT): Often state-funded; methodical infilitration over months/years  Ex.: Stuxnet; U.S. Office of Personnel Management  Organized crime: Targeting corporate data for financial gain  Ex.: Target; Fin4  “Hacktivism”: Advancing political/policy views  Ex. Anonymous  Insider threats: Employees or contractors using access to possess or release corporate information for personal, competitive, or financial reasons

5 Page  5 International Compliance Overview  Heightened focus on international compliance enforcement actions and investigations  Fines and penalties can reach into the hundreds of millions of dollars  Enforcement actions can result in the potential indictment of a corporate entity  Increasing number of ways that investigations are triggered  Enhanced focus on individual culpability

6 Page  6 Black Swan Events  A “Black Swan” event is one that is highly improbable in terms of frequency, but with game-changing, even catastrophic, consequences when it does occur  Examples: -Macondo -Hurricane Katrina  How does an entity plan for something that it cannot predict? -Need to address response and solution

7 Page  7 Advising the Board  Regardless of the issue or event, Board duties remain the same  Directors must also consider the potential risk of Board and individual liability for corporate events  Lay the foundation for application of the business judgment rule  Understand the scope of existing D&O insurance coverage

8 Page  8 Advising the Board  Are you prepared to advise the Board on these questions? -Does the company have a process or standard to articulate key risk events? -What are the company‘s top risks? -How severe is the impact of these risks? -How likely are the risks to occur? -What are the potential costs of not addressing these risks? -How often do you assess these risks? -Who owns and who is accountable for these risks? -Does the company have the right personnel and resources to address these risks? -How effectively does the company manage these risks? -What does the company spend to prevent and mitigate these risks? -How would the company respond to an event involving these risks?

9 Page  9 Advising the Board  Timing -As events arise or on a scheduled basis?  Audience -Specific committee, such as the Audit or Emergency Response Committee, or the entire Board?  Form of presentation -Continued, ongoing updates on the same key risks or focus on different risk for each presentation? -Oral report, ppt. or a more graphical representation? -Focus on big picture or view from the trenches? -Inclusion of industry/external benchmarking or focus on internal detail for context?  It is not necessarily either/or; customize to fit the needs of your Board and company

10 Page  10 Advising the Board

11 Page  11 Advising the Board Protect Identify  Tone from the top  Internal culture  Documented program  Written policies and procedures  Training and education  Third party contract management  Insurance  Risk assessment  Internal and external audits  Notification standard  Ethics Helpline  Engagement with internal and external experts  Tabletop simulations  Industry threat intelligence

12 Page  12 Advising the Board Mitigate  Emergency response committee  Response and crisis management  External communications  Engagement of the appropriate expertise  Notify external parties where applicable Respond  Regulatory investigations  Claims and litigation  Insurance recovery  Look back

13 What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani

Download ppt "What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani."

Similar presentations

Internal Control–Integrated Framework

Internal Control–Integrated Framework
Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.

Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Business and Society: Ethics and Stakeholder Management, 5E Carroll & Buchholtz Copyright ©2003 by South-Western, a division of Thomson Learning. All.

Business and Society: Ethics and Stakeholder Management, 5E Carroll & Buchholtz Copyright ©2003 by South-Western, a division of Thomson Learning. All.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Performance Monitoring All All Contracts require basic monitoring once awarded. The Goal of contract monitoring is to ensure that the contract is satisfactorily.

Performance Monitoring All All Contracts require basic monitoring once awarded. The Goal of contract monitoring is to ensure that the contract is satisfactorily.
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Corporate Ethics Compliance *

Corporate Ethics Compliance *
Outsourcing Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Outsourcing Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Safety and Loss Control

Safety and Loss Control
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.

Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.
Carl Wirdak Occidental Petroleum Corporation GEMI Survey EHS / SR Governance – A Snapshot October 2003.

Carl Wirdak Occidental Petroleum Corporation GEMI Survey EHS / SR Governance – A Snapshot October 2003.
Implementing and Auditing Ethics Programs

Implementing and Auditing Ethics Programs
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.

SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.

Similar presentations

Ads by Google