What is fiduciary duty in cybersecurity?
Fiduciary duty is a legal obligation for executives and boards to act in the best interests of stakeholders. In the cybersecurity context, this means protecting company data, disclosing material risks, and ensuring sound security practices.
Who is responsible?
A fiduciary is a person or entity with a duty to act in good faith and in the best interests of those they serve, whether clients, shareholders, or the organization itself. This obligation, well established in the financial industry, also applies to boards of directors, which must oversee risk on behalf of shareholders. In today’s environment, that responsibility includes cyber risk.
Why does fiduciary duty matter?
Data breaches have become much more frequent in recent years, and courts hold companies accountable, increasingly treating cybersecurity as part of corporate fiduciary duty. Shareholders and customers can claim that leadership breached that duty if leaders fail to prepare for, disclose, or mitigate cyber risks. In Begich v. Sabo (California, 2025), shareholders alleged Compass Diversified's leaders breached their fiduciary duties by allowing misleading financial statements tied to weak IT and security controls.
Several high-profile cases have shown how failures in cybersecurity can spark claims that executives and boards breached their fiduciary duties.