Why Does the CEO Need to Take Control of Cybersecurity?
Your CEO and board of directors are the legal owners of your IT systems. They are legally accountable for cybersecurity. They are accountable to parties that share confidential information with you. This includes:
Learn How Key Leaders Demonstrate Due Diligence
If you are attacked, your CEO and board of directors may need to defend themselves personally in court. Stakeholders will seek accountability if their confidential data is compromised. The CEO is uniquely, personally accountable to stakeholders as a fiduciary. With regard to cyber security, the CEO has a personal, legal duty to put stakeholders' interests ahead of their own. In the eyes of the law, the CEO and Board are the human embodiment of the organization. To defend a claim that fiduciary duty was breached, a CEO must prove that he or she exercised due diligence over IT cyber security.
What if a CEO Fails to Exercise Due Diligence?
As the articles in this website's CEO News make clear, there is a growing trend to treat CEO liability as a personal matter. Prior to the 2010 Enron scandal, CEOs and directors could rest assured that the corporate veil could shield them from personal responsibility for damages resulting from unreasonable risk-taking and wrongdoing in the corporate name. The Sarbanes–Oxley Act of 2002 (SOX) was passed to address the issue of CEO liability for corporate malfeasance. While SOX is specifically directed toward the accuracy of financial information, it reflects a growing trend demanding CEO personal responsibility for corporate acts. Corporate executives and boards that are relying on Supreme Court cases like Citizen's United as a shield against corporate malfeasance are misreading the law to their own peril.
How Does TEMVI Help CEOs and Board Members
TEMVI helps CEOs and board members understand their legal duties around cyber security and teaches them how to manage the senior executive team according to recognized cybersecurity models. Our counsel helps CEOs protect:
What Is the Key to Limiting the CEO's Legal Liability From Cyber Attacks
The key to limiting liability from cyberattacks is active management of the CEO's senior executive team. Active management includes prioritizing and measuring progress toward specific cybersecurity goals for all of the CEO's direct reports (i.e. technology and non-technology executives). Our services are provided directly to the CEO and board:
How is TEMVI Different From My Current IT Cybersecurity Provider
In our experience, your IT provider is likely doing an adequate job. However, most CEOs and boards would be hard pressed to explain why or what they are doing. IT and cybersecurity are--in many ways--a "black box". In most cases, CEOs and boards are trusting their IT team. However, your IT provider is neither qualified nor legally permitted to offer legal opinions on issues like legal cyber risk and liability. Nor should your IT team evaluate their own work. Unlike IT operations, flaws in cyber security are invisible to system users. You will only know that your trust was misplaced after an attack. The worst part is that following an attack the IT team simply moves on to another job. The CEO and board of directors will be left to grapple with the consequences of the cyber attack.
TEMVI provides leaders with:
The Problem We Solve CEOs and board members are personally responsible for cybersecurity. Following a cyberattack, injured parties will often seek to hold CEOs and board members legally responsible for damages. Under the law, CEOs and directors are considered fiduciaries and are personally accountable for damages suffered. Our Mission Mastery of cybersecurity is a required core leadership competency for most organizations in the current world. TEMVI provides affordable, easy-to-understand and follow cybersecurity roadmaps for leaders who wish to master the management and security of information. Information is the core of our knowledge-based society and is the cornerstone of our ability to collaborate. Accurate, secure information is the core of every modern enterprise, government and society. We strive to lead the effort to encourage the spread of this knowledge throughout the world. Our Firm TEMVI, PLLC is a law firm with deep cybersecurity expertise. We help CEOs and board members understand and manage their cybersecurity duties. Failure to manage these duties could result in civil or criminal liability for CEOs or board members. The Internet has become more and more connected with the physical world. Following a cyber attack, the cars, trucks and machines connected to the Internet can malfunction. Parties sometimes are seriously injured or die from these malfunctions. Injured parties typically will name CEOs and board members--in their personal capacity--as defendants in legal actions. Our attorneys and engineers have more than 30 years of experience understanding and managing this cyber risk. TEMVI is led by Donald Temple, Esq.,, Dr. Timothy McKnight, MD,MHS, Thomas View, Esq. and Bruce Hargrave, CISSP. TEMVI, PLLC is a joint venture between TEMVI, PLLC & Team Consulting, Inc.
All organizations use some form of cybersecurity. But did you know that —by law--you must verify that your level of protect ion is adequate. As a CEO or board member, what assurance do you have that you will not be held liable in the wake of a cyber attack on your organization? Ask your current cybersecurity provider if they offer you any of the following: LEGAL ASSURANCE AGAINST CYBER RISK Do they guarantee that their services will offer you sufficient protection from third-party liability if you are attacked? TEMVI provides CEOs with a guarantee that their oversight is legally sufficient. Seeking and following legal advice protects you from liability. CONFIDENTIALITY OF DATA If you are sued, your IT and cybersecurity vendors can be called to testify against you. Their work for you can also be subpoenaed by the government or a plaintiff. TEMVI—as lawyers—must protect your privacy. We can never disclose your information to any party for any reason. This includes the government or law enforcement. ADMISSIBILITY OF EVIDENCE IN YOUR DEFENSE TEMVI gives you a legal assurance that evidence--in your defense--will be admissible in court. INSURANCE CLAIM ASSURANCE Did you know that your Errors and Omissions or Cybersecurity Insurance policies require "legal due diligence" as a condition of paying any claim? Many parties only discover that they have not met this high and specific standard following an incident from the Insurer’s attorney. TEMVI assures you that your cyber-insurance policy will pay your claims. Essentially, we provide your board and CEO with the peace of mind that comes from knowing that all parties who touch, connect with, or use your IT system will be doing so with legally appropriate CEO and board oversight. We look forward to having a conversation to help you negotiate this exciting process. Thomas View, Esq. General Counsel and Managing Director TEMVI, PLLC
This article explains the pitfalls associated with a failure to exercise forthrightness and candor under new SEC disclosure rules.
This article explain how hospitals can be affected by ransomware attack which may pose a serious danger to the very existence of the health care provider.
HIPPA fines resulting from ransomware attacks are real for health care providers--including mental healthcare providers. DGS had become the victim of a ransomware attack that had locked up the patient records. Those records contained personal information, such as name, address, birth date, social security number, and medical information. To secure release of the records, DGS was required to pay a “ransom,” in exchange for a de-encryption “key” that unlocked the records. Because there is a strong possibility that records had been accessed, corrupted or exfiltrated, DGS was forced to undertake the expense of notifying victims and offering them other services and supports in addition to paying the ransom demand.
This article explains how public frustration with cyber attacks is driving calls to jail CEOs who are careless with data entrusted to their organizations.
This article elaborate how cyber attacks are motivated through financial wise , terroristic approach, and also political means hence why CEOs must go a long way not only just securing lives and property but also avoiding lawsuit to protect their reputation, assets and freedom.
This article illustrated why government demand accountability from CEOs in order to curb future occurrence of cyber attacks.
This article explains why CEOs cannot use corporate immunity as a camouflage for criminal negligence or irresponsibility towards the citizens.
This article gives an explanation on how the largest fuel pipeline company was crippled by the activities of cyber attackers thereby resulting to fuel shortage.
This article explains why CEOs should act now to get ahead of personal liability (civil or criminal) for cyber attacks on their companies.
TEMVI arms healthcare CEOs, board members and partners (Fiduciary Leaders) with the tools needed to defend against ransomware attacks and limit the legal liability increasingly associated with them. TEMVI’s team of lawyers, engineers, and Certified Information Systems Security Professionals will work with your healthcare organization to:
It is important to recognize that Fiduciary Leaders of medical service providers can face personal civil or criminal legal liability where their oversight of cybersecurity is deemed negligent.
Accordingly, Fiduciary Leaders need independent legal assurance around the work of employees and vendors who program, maintain and configure the organization's IT systems. TEMVI provides Fiduciary Leaders with the legal assurance that their IT systems will not pose civil or criminal risk to the organization or to individual leaders personally.
Read more about your risks and why you need a Legally Assured System Security Plan from TEMVI.
Risk of cyberattacks on healthcare providers in the COVID era have grown at a geometric rate. Nearly half of all U.S. hospitals disconnected their networks in 2021 due to ransomware attacks according to a study from Philips and CyberMDX. For example, in late 2021, dozens of hospitals and clinics in West Virginia and Ohio canceled surgeries and diverted ambulances following a ransomware attack that knocked out staff access to IT systems across virtually all operations.
These facilities are owned by Memorial Health System, which represents 64 clinics, including hospitals Marietta Memorial, Selby General, and Sistersville General in the Marietta-Parkersburg metropolitan area in West Virginia and Ohio.
Affordable Cybersecurity for Small Business
Effective cybersecurity is not cheap. It is a state; not a device or an automated platform. It is a customized management system staffed by high-level, full-time professionals. It typically requires an investment of thousands of hours by highly specialized lawyers, cybersecurity consultants and senior managers. Smaller operations (i.e. operations generating less than $50 million in annual revenue.) simply do not have the option to invest the $500,000 required to start the process. Smaller operations are typically left to rely on off-the shelf consumer applications and automated, cloud-based solutions.
TEMVI Small Business Solutions (TSBS)
To address this affordability issue, we have created TEMVI Small Business Solutions (TSBS). TSBS packages the legal, technical and management services into a custom-scaled yet highly effective affordable cybersecurity solution for smaller operations. Solutions to the the big crises facing our planet will require diverse perspectives. Until organizations of all sizes in our ecosystem are safe from cyberattacks, we are all vulnerable from downstream attacks via trusted connections.
CYBER-EQUITY INITIATIVE
As well, TEMVI is launching its CYBER-EQUITY INITIATIVE which focuses on identifying and supporting small business owners from underrepresented communities generating less than $3 million in yearly revenues with pricing and financing packages. These solutions are scaled to the ability of the organization to pay. (Click here to learn more)
Are your Information systems secure from hackers? Who says so? As an organization leader you need assurance in the integrity of your defenses and your information systems. Learn more here.
Click Here NowHow do you know that your enterprise technology platforms are delivering the promised return on investment? This is a CEO and Board legal responsibility.
Click Here NowThe CEO and board of directors--not the IT team--are the chief information officers. Failure here could create civil or criminal liability for the CEO and board members.
Click Here NowSchedule a 30-minute consultation with a cybersecurity attorney to learn more about how to protect your assets, freedom and reputation with a legal consultation.
Click Here NowFor more information about CEO and board liability, please reach out to us. A TEMVI associate will contact you to schedule a mutually convenient time for an initial consultation.
Managing Director
LLM, Georgetown University Law Center JD University of California Santa Cruz BA Howard University
Chief Strategist and Advisor, Healthcare Administration
MD, Tufts University School of Medicine MS, Healthcare Management, University of Texas BS, Biology, Brown University Pediatric Residency, University of Chicago
Managing Director
JD Georgetown University Law Center BA Oberlin College Technische Universiteit Delft University of Minnesota - Carlson School of Management
Managing Director
University of Virginia BS, University of Maryland
In 2022, Brooks & Associates, CPAs, LLC and TEMVI, PLLC joined forces to realize the opportunity to serve commercial and government clients in the nexus between law, cybersecurity and financial assurance. Brooks TEMVI JV has significant past performance in the areas of cybersecurity, legal technology and cybersecurity assurance and financial management.
Cybersecurity
In cybersecurity Brooks-TEMVI has provided subject matter expertise in the planning, execution, implementation, and management of cybersecurity for several government agencies including Federal Emergency Management Agency (FEMA) United States Secret Service and The Department of Homeland Security (DHS). Our recent work has consisted of helping Federal Government clients to move toward compliance with the new “ZERO TRUST” mandates from Office of Management and Budget (OMB) M-22-0, manage Identity Credential and Access Management (ICAM), Information Assurance & DevSecOps, perform Threat & Risk Enumeration, Assessment Services, Cloud Security and Vulnerability Management.
Legally Assured Cybersecurity
TEMVI Brooks JV has supplied legally assured cybersecurity advisory services to corporate clients related to programs and strategies required to meet legal obligations associated with the Federal Information Security Modernization Act of 2014 (FISMA). Also, TEMVI-Brooks partners have provided legal assurance to government contractors who provide services to federal, state and local governments and Fortune 500 corporations. Such projects included:• Providing legal advice and perspective to cyber security assessments.
Financial Management
Brooks TEMVI has assisted over 30 federal government agencies with broad based financial management support and partnered with these agencies to perform broad financial management services; and audit and attestation services. Brooks TEMVI has U.S. Department of Defense Financial Management Credentials. As a prime contractor Brooks-TEMVI has provided financial management services to several Department of Defense (DoD) components. These financial management engagements include audit remediation, accounting operations support, resource management and budget support, data analytic support, business process re-engineering support, financial management training, and program/project management.