TheCorporateCounsel.net

Wasn’t it was only yesterday that proxy access was one of the most hotly contested corporate governance issues? Now this Sidley memo says the game’s pretty much over – and proxy access has become mainstream:

As of the end of January 2018, 65% of S&P 500 companies have adopted proxy access. Through the collective efforts of large institutional investors, including public and private pension funds and other shareholders, shareholders are increasingly gaining the power to nominate a number of director candidates without undertaking the expense of a proxy solicitation. By obtaining proxy access (the ability to include shareholder nominees in the company’s own proxy materials), shareholders have yet another tool to influence board decisions.

Some of the 2017 developments noted in the memo suggest that not only is the concept of shareholder proxy access well-established, but investors and management are generally in accord on what it should look like:

– The continuing pace of proxy access bylaw adoptions and ongoing convergence toward standard key parameters (83% of companies that adopted proxy access in 2017 did so on the following terms: 3% for 3 years for up to 20% of the board (at least 2 directors) with a nominating group size limit of 20);

– Slightly increased average support (54% versus 51%) for shareholder proposals to adopt proxy access in 2017, but fewer proposals being voted on as more companies adopted proxy access in exchange for withdrawal of the proposals;

– The failure to pass of all shareholder proposals seeking specified revisions to existing proxy access provisions (so-called “fix-it” proposals) in 2017, despite favorable recommendations from ISS, which voting results suggest that many shareholders are satisfied with proxy access on market standard terms.

The memo also points out that Fidelity’s shift from opposing to supporting proxy access shareholder proposals may seal the fate of many companies that receive such a proposal in the future.

It seems fair to say that given current trends, proxy access may soon become ubiquitous. Of course, one big question remains – is anybody ever going to actually use it?

Cybersecurity: “I, For One, Welcome Our New Cyber Insurance Overlords”

This Cleary blog says that a group of corporate titans are joining forces to roll out an innovative new cyber insurance product that’s designed to reward good cybersecurity practices:

In response to the growing threat of malware and ransomware attacks and other cybersecurity threats facing businesses today, Apple, Cisco, Allianz and Aon announced a new holistic cyber risk management solution on February 5, 2018. The new product is designed to provide a comprehensive framework for companies to reduce cyber risk by leveraging the expertise of each of the partners. As cyber incidents often impose significant costs on companies that can be difficult to bear directly, cyber insurance can help provide some protection.

Companies interested in purchasing the new insurance product must first undergo a cyber resilience evaluation from Aon to determine their “cybersecurity posture.” Aon will also recommend ways for the company to improve their cybersecurity defenses. Companies that employ Cisco’s Ransomware Defense product and/or Apple devices such as iPhones, iPads and Mac computers, may then be eligible for an “enhanced cyber insurance offering” underwritten by Allianz Global Corporate & Specialty that provides what Apple describes as “market-leading policy coverage terms and conditions,” including lower deductibles, or in certain cases, no deductibles. Companies that purchase this insurance package will also have access to Cisco’s and Aon’s incident response teams in the event that they do suffer a cybersecurity incident.

The blog notes that providing incentives for good cybersecurity practices benefits both insurer and insured – and it won’t hurt Apple & Cisco’s bottom lines either.

There’s one other thing that caught my eye in the blog – the rather alarming statistic that 68% of U.S. businesses haven’t purchased any cyber insurance. Really? Hey, you guys – doesn’t anybody watch “Mr. Robot?”

Cybersecurity: The Board’s Role

While we’re on the subject of cybersecurity, this recent Deloitte memo addresses the board’s role in overseeing the company’s cyber risk management efforts. The memo lays out a model for how boards can develop strong oversight of cyber risks, and notes that this oversight function involves the many of the same risk management skills that directors apply to other areas of the company’s business. Here’s an excerpt:

Board members needn’t become cyber security specialists. But by bringing to bear their deep experience in risk management, they can push management to answer tough questions and identify potential weaknesses in an organization’s cybersecurity strategy and capabilities.

Knowing that every company will have to accept some risk, the board can help management focus its efforts on the highest risk areas, while preserving the company’s ability to innovate. Again, the question returns to the organization’s risk appetite, and the board’s ability to make sure the organization’s cyber security efforts align with agreed upon risk parameters.

– John Jenkins