It's imperative that board of directors (BoD) members and C-suite executives protect themselves from potential shareholder lawsuits when a cybersecurity incident occurs. Make sure your cybersecurity staff is preserving tamper-proof evidence that security controls are being applied on a regular basis. This applies especially to the proactive detection of software supply chain risks and threats. You may need this evidence someday to prove your innocence and prevent a personal financial loss.
I agree with CISA Director Easterly's wise advice (Read More below).