Hacking into computers has become common place. In the United States it grew by 45% in 2017. Yahoo, one of America’s largest Internet search engines, was recently the victim of cyber crime and disgruntled shareholders are suing the directors for dereliction of their fiduciary duties.
Hacking is a reality in South Africa also, which raises the issue of your personal liability as a director in the event of your company being exposed to cyber crime.
What do the Companies Act and King IV expect of directors?
Directors need to have “taken reasonably diligent steps to become informed about the matter” – in other words directors would be expected to know cyber crime has become commonplace and to take steps to ensure the company takes all the necessary actions to prevent outsiders getting access to company information. King IV specifically charges directors to “identify and respond to incidents, including cyber attacks…”.
Your risk is that as a director you are personally liable for any costs, losses or damages resulting from a breach of your duties.
How to protect yourself from liability
If a company suffers loss from a hacking incident, then directors need to show they have addressed the issue to the best of their ability if they want to avoid attracting such liability.
Whilst many of us may feel lost when it comes to technology, it is clearly an issue that exposes a company to significant risk. Make sure you and your board of directors gain an understanding of how to protect your business. You need also to ensure that in need you can show documentation to a court to prove that you acted with diligence to counter the risk of being hacked.