Editor’s note: “Eye on Cyber” is a regular column by Cyrus R. Vance Jr. and other Baker McKenzie practitioners who will provide analysis and commentary on cybersecurity-related regulations, developments and trends.

The Wall Street Journal recently conducted a survey of public and private companies on the topic of cyber-preparedness and expertise. Although 76% of companies said that they had at least one board member with cyber expertise, and about 20% said they had more than three such board members, only three in 10 companies surveyed felt their board’s ability to manage a cyber event was “expert” or “advanced.” In our current regulatory environment, it’s imperative for boards to understand the standards they must meet to effectively discharge the duty of oversight when it comes to cybersecurity. Failure to manage and oversee cybersecurity issues competently will increasingly result in claims that board members have breached their fiduciary duties, exposing them to the type of derivative liability from which they have so far largely been insulated in the content of cyber breaches.