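Author (Chinese): 徐子茵
Author (English): HSU, Tzu-yin
Thesis title (Chinese): 論我國董事於資訊安全議題之監督義務與公司治理
Thesis title (English): Directors' Oversight Duties in Cybersecurity and Corporate Governance
Advisor (Chinese): 蔡昌憲
Advisor (English): Tsai, Chang-Hsien
Oral defense committee (Chinese): 莊弘鈺; 李怡志
Oral defense committee (English): Chuang, Hung-Yu; Lee, Yi-Chih
Degree: Master's
Institution: National Tsing Hua University
Department: Institute of Law for Science and Technology
Student ID: 106074504
Year of publication (ROC calendar): 112
Academic year of graduation: 111
Language: Chinese
Number of pages: 147
Keywords (Chinese): 資訊安全; 監督義務; 重大事件揭露; 管制策略; 公司治理
Keywords (English): Cybersecurity; Oversight Duties; Information Disclosure; Regulatory Strategies; Corporate Governance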
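Abstract (translated from Chinese):

Starting from the fiduciary duties of the board of directors, this thesis first looks to the case law of the Delaware courts in the United States, surveys the recent Caremark line of decisions and shareholder derivative suits, and discusses the recommendations and measures that the US regulator, the SEC, has directed at companies, in order to identify the board's oversight duties on cybersecurity issues.

Through Taiwan's ex ante and ex post standards for cybersecurity obligations, it examines the role that Taiwan's regulator, the Financial Supervisory Commission, plays in cybersecurity regulation. A regulatory strategy that combines soft and hard law pushes listed companies to strengthen their own cybersecurity policies and their disclosure obligations after an incident, so as to meet external market standards and the governance demands of corporate stakeholders.

Finally, it compiles and empirically studies the problems currently encountered with material information announcements, annual reports and penalties, discusses the results of applying ex post legal norms in Taiwan, and offers governance recommendations. The research shows that cybersecurity is an indispensable part of corporate governance and is necessary for sound corporate governance and for meeting social responsibility.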
Abstract (English):

Commencing with the board of directors' entrusted obligations, this article focuses on legal precedents in Delaware, USA. Recent judgments within the Caremark series and shareholder derivative litigations are systematically discussed, serving as a platform to explore board oversight duties for cybersecurity. Insights from the US regulatory authority, the Securities and Exchange Commission (SEC), are incorporated.

Analyzing ex ante and ex post cybersecurity standards, the role of our national regulatory authority, the Financial Supervisory Commission (FSC), is elucidated. Through a blend of soft and hard law approaches, listed companies enhance internal cybersecurity policies. This encompasses pre-emptive measures and post-incident disclosure obligations, aligning with market standards and stakeholder governance.

Concluding with an empirical study on cybersecurity incidents, annual reports, and penalties, ex post legal norms guide governance recommendations. The study underscores cybersecurity's indispensability in corporate governance, refining practices and societal responsibilities.
Chapter 1 Introduction
Section 1 Research Background
Section 2 Research Motivation and Purpose
Section 3 Research Methods and Structure
Chapter 2 The Content of the Board's Fiduciary and Oversight Duties
Section 1 Judicial Practice on Directors' Fiduciary and Oversight Duties under US Law
Subsection 1 US Judicial Practice on the Oversight Duty
Item 1 Graham v. Allis-Chalmers Manufacturing Co.
Item 2 In re Caremark Intern. Inc. Derivative Litigation
Item 3 Stone ex rel. AmSouth Bancorporation v. Ritter
Item 4 Marchand v. Barnhill
Subsection 2 Impact of the Decisions and Summary
Section 2 Linking the Content of the Oversight Duty to ESG
Subsection 1 Relevant US Court Decisions
Item 1 In re Clovis Oncology, Inc. Derivative Litigation
Item 2 Hughes v. Xiaoming Hu
Item 3 In re The Boeing Co. Derivative Litigation
Item 4 Firemen's Retirement System of St. Louis v. Sorenson
Item 5 In re McDonald's Corporation Stockholder Derivative Litigation
Subsection 2 Impact of the Decisions and Summary
Section 3 Chapter Conclusion
Chapter 3 US Cybersecurity Obligations and Regulatory Rules
Section 1 US Decisions on the Cybersecurity Oversight Duty
Subsection 1 Decisions Arising from Major Cybersecurity Incidents
Item 1 Palkon v. Holmes
Item 2 The Target Case
Item 3 In re The Home Depot
Subsection 2 Summary
Section 2 The Cybersecurity Oversight Duty in the US
Subsection 1 The SEC and Cybersecurity Rules
Item 1 The 2011 Guidance
Item 2 The 2018 Guidance
Item 3 The 2022 Rule 10 Proposed Disclosure Requirements
Item 4 Summary
Subsection 2 The SEC's Handling of Cybersecurity Incidents and Class Actions
Item 1 The Yahoo! Case
Item 2 The First American Bank (美國第一銀行) Case
Item 3 The Pearson Publishing Case
Item 4 Summary
Section 3 Summary
Chapter 4 Taiwan's Ex Ante Legal Strategies for Information Security
Section 1 Practice on the Board's Oversight Duty
Subsection 1 Legislative Theory and Scholarly Views
Subsection 2 Judicial Practice
Item 1 The Singfor Life (幸福人壽) Case
Item 2 The Pacific Electric Wire & Cable (太電) Asset-Stripping Case
Item 3 The Pacific Construction (太平洋建設) Rent Case
Subsection 3 Summary
Section 2 Ex Ante Legal Strategies
Subsection 1 Externally Imposed Rules
Item 1 Material Information and Annual Report Announcements
Item 2 Obtaining Certification to International Information Security Management Standards
Item 3 Internal Control Mechanisms
Subsection 2 Ex Ante Corporate Governance
Item 1 Risk Management, Internal Control and Legal Compliance
Item 2 Corporate Governance Structure: Functional Committees
Item 3 Directors with Professional Expertise
Item 4 The Relationship between the Board and the Chief Information Security Officer
Item 5 Cooperation with Supervisory Authorities
Item 6 ESG Governance
Item 7 Corporate Governance Evaluation
Section 3 Summary
Chapter 5 Taiwan's Cybersecurity Management Mechanisms: A Discussion of Empirical Data
Section 1 Empirical Observations on Cybersecurity Incidents in Material Information Announcements
Subsection 1 Types of Information-Security-Related Material Information
Subsection 2 Common Format of Material Information Announcements
Subsection 3 Summary
Section 2 Compilation of Annual Report Statistics
Subsection 1 Functional Committees of the Board
Subsection 2 Relationship between Major Incidents and Annual Report Disclosure
Subsection 3 Domain Knowledge, and Whether ESG Includes Cybersecurity-Related Risk Issues
Subsection 4 Summary
Section 3 Penalties under External Laws and Regulations
Subsection 1 Civil Judgments Related to Information Security Incidents
Subsection 2 Penalties Imposed by the Competent Authority
Chapter 6 Conclusion
References


List of Figures
Figure 1: Development of the Caremark oversight duty (figure by the author)
Figure 3: Relationship among risk management, internal control and legal compliance
Figure 2: Taiwan's externally imposed rules on information security (figure by the author)
Figure 4: Data period covered by this study
Figure 5: Committees to which information security governance is assigned in Taiwan (figure by the author)

List of Tables
Table 1: Number of cybersecurity incidents by year
Table 2: Types of material information and number of incidents
Table 3: Cybersecurity incidents reported in news or social media
Table 4: 京站 material information announcement
Table 5: Description of the cybersecurity incident in 京站's annual report
Table 6: GIGABYTE (技嘉) material information announcement
Table 7: Description of the cybersecurity incident in GIGABYTE's (技嘉) annual report
Table 8: Hotai Motor (和泰車) material information announcement
Table 9: Types of material-information cybersecurity incidents disclosed in company annual reports
Table 10: Whether company directors have domain knowledge, and companies' current cybersecurity planning

List of Appendices
Appendix 1: Judicial decisions on information security in Taiwan
Appendix 2: List of penalty cases against financial institutions
Appendix 3: Compilation of cybersecurity items on the Market Observation Post System, 2021 to May 2023
Appendix 4: Compilation of whether material information and annual reports were disclosed, as of May 2023
Appendix 5: Annual report disclosures of companies that experienced cybersecurity incidents: corporate governance
Appendix 6: Annual report disclosures of companies that experienced cybersecurity incidents: investment in information security

一、中文文獻
專書
1. 王文宇(2021),公司治理與法令遵循,1 版,台北:元照出版。

期刊文獻
1. 王文宇(2020),公司負責人的受託義務──溯源與展望,月旦民商法雜誌,68期,頁5-22。
2. 王志誠(2011年),受託人之自己管理義務--從受益人最大利益原則論第三人代為處理信託事務之容許範圍,《政大法學評論》,第123期,頁307-342。
3. 郭大維(2017),企業法令遵循與董事監督義務,月旦法學雜誌,179期,頁20-22。
4. 蔡昌憲(2012),從內控制度及風險管理之國際規範趨勢論我國的公司治理法制:兼論董事監督義務之法律移植,國立臺灣大學法學論叢,第41卷,第4期,頁1819-1896。
5. 蔡昌憲(2018),從公司法第一條修正談公司治理之內外部機制──兼論企業社會責任的推動模式,成大法學,36期,頁89-153。
6. 蔡昌憲、陳乃瑜(2012),內部控制制度、董事監督義務及薪資報酬委員會──評最高法院九十八年度台上字第一三○二號民事判決,月旦法學雜誌,203期,頁200-228。
7. 蔡昌憲(2023),董事會之永續治理角色與董事監督義務,月旦民商法雜誌,第5卷,第1期,頁155-218。

網站資料
1. 林彥良、李介文與莊玉雯(2021),企業生存規則,全球合規管理趨勢跟進了嗎?,勤業眾信,https://www2.deloitte.com/tw/tc/pages/risk/articles/management-trends.html (最後瀏覽日:2023年6月25日)。
2. 陳清祥(2020.3.23),提升企業風險管理正是時候,證交所公司治理中心,https://cgc.twse.com.tw/latestNews/promoteNewsArticleCh/3728 (最後瀏覽日:2023年6月25日)。
3. 謝君豪(2021),參考2021國際資安標準發展新趨勢因應2021年所面臨的科技面風險,BSI英國標準協會,https://www.bsigroup.com/localfiles/zh-tw/e-news/no204/information-security-standards-help-to-face-technological-risks-in-2021-joe-hsieh.pdf (最後瀏覽日:2023年6月25日)。

官方資料
1. 行政院(2023.03.02),院會議案「防止非公務機關個資外洩精進措施」, https://www.ey.gov.tw/Page/448DE008087A1971/85d891ac-0be6-4a29-b309-83f4a4951d09 (最後瀏覽日:2023年6月26日)。
2. 金融監督管理委員會(2021.03.15),金管會舉辦「金融機構落實資訊安全、維持營運不中斷及因應近期資安事件之經驗分享會議」,https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202103150002&toolsflag=Y&dtable=News(最後瀏覽日:2023 年6月26日)。
3. 金融監督管理委員會(2022.12.27),《金融資安行動方案》,金融監督管理委員會(2020),頁A-5,https://www.fsc.gov.tw/uploaddowndoc?file=news/202212271650421.pdf&filedisplay=%E9%87%91%E8%9E%8D%E8%B3%87%E5%AE%89%E8%A1%8C%E5%8B%95%E6%96%B9%E6%A1%882.0_1227.pdf&flag=doc(最後瀏覽日:2023年6月26日)。
4. 金融監督管理委員會(2023.05.11),《展望金融資安行動方案 2.0》,https://cyber.ithome.com.tw/2023/session-page/2028(最後瀏覽日:2023年6月25日)。
5. 金融監督管理委員會新聞稿(2020.08.06),〈金管會推動「金融資安行動方案」,追求安全便利不中斷的金融服務目標〉,金管會,https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202008060003&dtable=News(最後瀏覽日:2023年6月26日)。
6. 金融監督管理委員會新聞稿(2021.05.27),〈預告「金融控股公司及銀行業內部控制及稽核制度實施辦法」部分條文修正草案〉,金融監督管理委員會,https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202105270006&toolsflag=Y&dtable=News(最後瀏覽日:2023年6月26日)。
7. 金融監督管理委員會新聞稿(2021.12.23),〈「公開發行公司建立內部控制制度處理準則」第九條之一、第四十七條修正草案已完成預告程序,將於近期發布施行〉,金融監督管理委員會,https://www.fsc.gov.tw/ch/home.jsp?id=2&parentpath=0&mcustomize=news_view.jsp&dataserno=202112230009&dtable=News 最後瀏覽日:2023年6月26日)。
8. 財團法人中華民國證券暨期貨市場發展基金會(沒有日期),公司治理評鑑指標2.24參考範例,https://webline.sfi.org.tw/CGE/
9. 臺灣證交所(2021.04.28),臺灣證券交易所股份有限公司公告詳細資料〈臺證上一字第1100007692號〉,https://www.twse.com.tw/zh/announcement/announcement_detail/2CAE9A65A74211EBB2DA005056BE380E(最後瀏覽日:2023年6月26日)。
10. 數位發展部新聞稿(2023.05.30),有關蝦皮、誠品生活及旋轉拍賣涉及個資外洩事件數位部查處說明,數位發展部,https://moda.gov.tw/ADI/news/latest-news/5273(最後瀏覽日:2023年6月26日)。
11. 證券期貨局(2021.11.30),〈修正「公開發行公司年報應行記載事項準則」部分條文及第十一條附表七、附表九、第十九條附表二十二、附表二十三(金管證發字第1100364979號) 公開發行公司年報應行記載事項準則修正總說明〉,https://www.sfb.gov.tw/ch/home.jsp?id=88&parentpath=0,3&mcustomize=lawnews_view.jsp&dataserno=202111300001。

新聞
1. 周峻佑(2021.10.22),勒索軟體AvosLocker攻擊技嘉,聲稱取得該公司與多家廠商的保密協議,ithome(2021年),https://www.ithome.com.tw/news/147432(最後瀏覽日:2023年6月25日)。
2. 林妍溱(2021.11.22),美國法規要求銀行需在36小時內通報網路攻擊事件,iThome,https://www.ithome.com.tw/news/147952 (最後瀏覽日:2023 年 6 月 26 日)。
3. 林妍溱(2022.06.22),鴻海墨西哥工廠傳遭LockBit 2.0勒索軟體攻擊,ithome ,https://www.ithome.com.tw/news/151270(最後瀏覽日:2023年6月25日)。
4. 林美欣(2023.02.10),iRent個資外洩,公總罰20萬、新北交通局也罰9萬!為何引發40萬用戶資安危機?,數位時代,https://www.bnext.com.tw/article/73974/hota-irent-customer-data-exposed-response-security-information(最後瀏覽日:2023年6月26日)。
5. 胡肇芳(2023.02.04),和泰旗下iRent爆個資外洩,公司道歉了…14萬用戶擴大認定40萬,賠償方案「這天」出爐,今周刊,https://www.businesstoday.com.tw/article/category/183027/post/202302020015/(最後瀏覽日:2023年6月25日)
6. 徐子苓(2023.05.30),誠品個資外洩案 數位部開罰10萬元,自由時報,https://ec.ltn.com.tw/article/breakingnews/4318169(最後瀏覽日:2023年6月25日)。
7. 陳怡文(2023.05.21),台灣大車隊遭詐團騙個資轉帳手法曝光! 業者:接「+886」來電請秒掛,壹蘋新聞網,https://tw.nextapple.com/life/20230521/249957C851F2B310F520B5D4965FEDE1(最後瀏覽日:2023年6月25日)。
8. 陳冠榮(2023.03.08),駭客竊取 160GB 資料高價出售,宏碁證實資料外洩(更新),科技新報,https://technews.tw/2023/03/08/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/ (最後瀏覽日:2023年6月25日)。
9. 竣盟科技(2022.07.01),又見Hive勒索軟體入侵台灣,某知名鍛造輪圈大廠遭加密,被盜1.5TB數據,Hive稱在受害網路潛伏達21天之久!,竣盟科技,https://blog.billows.com.tw/?p=2035(最後瀏覽日:2023年6月25日)。
10. 黃子瑄(2022.08.03),駭客入侵?多間7-11電視螢幕驚見「裴洛西滾出台灣」,統一集團回應了,風傳媒,https://www.storm.mg/lifestyle/4454306(最後瀏覽日:2023年6月25日)。
11. 鉅亨網(2023.02.23),共享車個資也「共享」 和泰等3家公司遭證交所開罰,鉅亨網,https://www.sinotrade.com.tw/richclub/news/63f7554af1ac6ae3b3994b97(最後瀏覽日:2023年6月25日)。
12. 潘羿菁(2023.5.30.),蝦皮誠品違反個資法分別罰20萬及10萬 數位部成立後首次開鍘,中央通訊社,https://www.cna.com.tw/news/afe/202305300321.aspx (最後瀏覽日:2023年6月25日)。
13. 彭偉鎧(2022年),Day5 股東會年報案例分析4--翔名(8091) (產業別:上櫃,電子零組件業),2022 ITHome鐵人賽,https://ithelp.ithome.com.tw/articles/10294067(最後瀏覽日:2023年6月13日)

判決
1. 臺北地方法院 93年度重訴字第 144 號。
2. 臺灣高等法院 106 年上字第 1343 號。
3. 臺灣高等法院 106 年上字第 1343 號。
4. 臺灣臺北地方法院 105年度訴字第4239號。
5. 臺灣臺北地方法院 105年度訴字第4239號。
6. 臺灣臺北地方法院 94 年金字第 22 號
7. 臺灣臺北地方法院105年度訴字第4239號。


二、英文文獻
專書
1. Geoffrey P. Miller (2017). The Law of Governance, Risk Management and Compliance (2nd). Wolters Kluwer Law & Business.
2. Keehner, Michael A.M., and Koenig, David R. (2009). The Relationship Between Boards of Directors and their Risk Management Organizations Are Standards of Best Practice Emerging?, in Rob Quail, Donald Schwartz (Eds.), Corporate Boards: Managers of Risk, Sources of Risk, Wiley-Blackwell (pp. 7-9). ISBN: 978-1-444-31589-9.

期刊文獻
1. Bainbridge, Stephen M. (2009). Caremark and Enterprise Risk Management. Law & Economics Research Paper Series Research Paper No. 09-08, 1-31, https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID1364500_code109222.pdf?abstractid=1364500&mirid=1
2. Christine Hurt, (2014). The Duty to Manage Risk. The Journal of Corporation Law, 39(2), 260-293. https://digitalcommons.law.byu.edu/cgi/viewcontent.cgi?article=1159&context=faculty_scholarship
3. Corporate Laws Committee (2011). Corporate Director's Guidebook. The Business Lawyer, 66 (4), 9975-1064. https://www.jstor.org/stable/23239635?seq=1#metadata_info_tab_contents (last visited Jun. 25, 2023).
4. Edwards, Benjamin P. (2019). Cybersecurity Oversight Liability. Georgia State University Law Review, 35(3), 663-677, https://scholars.law.unlv.edu/cgi/viewcontent.cgi?article=2246&context=facpub (last visited Jun. 25, 2023).
5. Fairfax, Lisa M. (2012). Managing Expectations: Does the Directors' Duty to Monitor Promise More Than It Can Deliver?. Faculty Scholarship at Penn Carey Law, 10(2) ,416-448.
6. Ferrillo, Paul (2021). To Over Disclose or Not: That Is The Question with Cybersecurity. Florida State University Business Review, 20, 79-96.
7. Grossman, Nadelle (2007). Director Compliance with Elusive Fiduciary Duties in A Climate of Corporate Governance Reform. Fordham Journal of Corporate and Financial Law, 12(3), 393, 403-466, https://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1229&context=jcfl (last visited Jun. 25, 2023).
8. Ibarra, Eisele (2021). Tighten the Line for Caremark Claims. Florida State University Business Review, 20, 115-135.
9. Lackey, Laurel K. (2018). The Mother of All Breaches How Equifax's Data Hack May Effect You Now ... and in the Future, West Virginia Law. Winter 2017-2018, 34-36.
10. Landefeld, Stewart M., Sroufe, Evelyn Cruz, and Knowlesthe, Sean C. (2019). Delaware Supreme Court's Blue Bell Creameries Decision: Lessons On Risk Oversight and Independence From Marchand v. Barnhill. The Corporate Governance Advisor, 27 (6), 24-28, https://www.perkinscoie.com/images/content/2/2/v3/225525/Corporate-Governance-Advisor-11-2019.pdf (last visited Jun. 25, 2023).
11. Lauer, Steven A., and Murphy, Joseph E. (2020). Compliance and Ethics Programs: What Lawyers Need to Know to Understand the Development of This Field. Business Lawyer,75 ,2541-2565,
12. Lipton, Ann M. (2020). Beyond Internal and External: A Taxonomy of Mechanisms for Regulating Corporate Conduct. Wisconsin Law Review, 657-693, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3576232. (last visited Jun. 25, 2023).
13. Lunn, Brad (2014). Strengthened Director Duties of Care for Cybersecurity Oversight: Evolving Expectations of Existing. Journal of Law & Cyber Warfare, 4(1), 109-137.
14. Nees, Anne Tucker (2010). Who's the Boss? Unmasking Oversight Liability Within the Corporate Power Puzzle. Delaware Journal of Corporate Law, 35, 199-258.
15. Petrin, Martin (2011). Assessing Delaware's Oversight Jurisprudence: A Policy and Theory Perspective. Virginia Law & Business Review, 5(3), 433-480.
16. Rabinowitz, Rebecca (2020). From Securities to Cybersecurity: The SEC Zeroes in on Cybersecurity. Boston College Law Review, 61, 1535-1575, https://lawdigitalcommons.bc.edu/bclr/vol61/iss4/7 (last visited Jun. 25, 2023).]
17. Reed, John L., & Neiderman, Matt (2004). Good Faith and the Ability of Directors to Assert S 102(b)(7)of the Delaware General Corporation Law As A Defense to Claims Alleging Abdication, Lack of Oversight, and Similar Breaches of Fiduciary Duty. Delaware Journal of Corporate Law, 29, 111-142.
18. Restrepo, Claudia A. (2019). The Need for Increased Possibility of Director Liability: Refusal to Dismiss in Re Wells Fargo & Co. Shareholder Derivative Litigation, A Step in the Right Direction. Boston College Law Review, 60 (6), 1689-1730
19. Sale, Hillary A.(2007), Monitoring Caremark's Good Faith. Delaware Journal of Corporate Law, 32, 719-755.
20. Shapira, Roy (2022). Mission Critical ESG and the Scope of Director Oversight Duties. Columbia Business Law Review, 2, 732-803, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4107748 (last visited Jun. 25, 2023).
21. Strine, jr. Leo E., Smith, Kirby, and Reilly Steel (2021). Caremark and ESG, Perfect Together: A Practical Approach to Implementing an Integrated, Efficient, and Effective Caremark and EESG Strategy. Lowa Law Review, 106, 1885-1922, https://ssrn.com/abstract=3664021 (last visited Jun. 25, 2023).
22. Veasey, E. Norman, and Guglielmo, Christine T. Di (2005). What Happened in Delaware Corporate Law and Governance from 1992-2004? A Retrospective on Some Key Developments. University of Pennsylvania Law Review, 153(2), 1399-1512, https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=1340&context=penn_law_review (last visited Jun. 25, 2023).
23. Veasey, E. Norman, and Holland, Randy J. (2021). Caremark at the Quarter-Century Watershed: Modern-Day Compliance Realities Frame Corporate Directors' Duty of Good Faith Oversight, Providing New Dynamics for Respecting Chancellor Allen's 1996 Caremark Landmark. The Business Lawyer, 76, 1-29 (2021). at https://www.gfmlaw.com/sites/default/files/pdfs/NV%20Caremark%20Publication%20in%20Business%20Lawyer.PDF (last visited Jun. 25, 2023).
24. Yegelwel, Harris (2015). Cybersecurity Oversight: A Cautionary Tale for Directors. Journal of Technology Law & Policy, 20(2), 229-264, https://scholarship.law.ufl.edu/cgi/viewcontent.cgi?article=1168&context=jtlp (last visited Jun. 25, 2023).

研討會文獻
1. Islam, Md. Shariful, and Stafford, Thomas (2017). Information Technology (IT)Integration and Cybersecurity/Security: The Security Savviness of Board of Directors. Twenty-third Americas Conference on Information Systems, in Boston.


官方資料
1. Securities And Exchange Commission (2021). SECURITIES ACT OF 1933 Release No. 10963, https://www.sec.gov/litigation/admin/2021/33-10963.pdf (last visited Jun. 25, 2023).
2. Securities And Exchange Commission (2021). SECURITIES EXCHANGE ACT OF 1934 Release No. 92176, https://www.sec.gov/litigation/admin/2021/34-92176.pdf (last visited Jun. 25, 2023).
3. Securities And Exchange Commission (2023). Cybersecurity Risk Management Rule for Broker-Dealers, Clearing Agencies, Major Security-Based Swap Participants, the Municipal Securities Rulemaking Board, National Securities Associations, National Securities Exchanges, Security-Based Swap Data Repositories, Security-Based Swap Dealers, and Transfer Agents, https://www.sec.gov/rules/proposed/2023/34-97142.pdf"
4. Securities and Exchange Commission (2011). CF Disclosure Guidance: Topic No. 2 Cybersecurity, https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm (last visited Jun. 25, 2023).
5. Securities and Exchange Commission (2018). Commission Statement and Guidance on Public Company Cybersecurity Disclosures [Release Nos. 33-10459; 34-82746], https://www.sec.gov/rules/interp/2018/33-10459.pdf (last visited Jun. 25, 2023).
6. Securities and Exchange Commission (2022). Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. at https://www.sec.gov/rules/proposed/2022/33-11038.pdf (last visited Jun. 25, 2023).
7. Securities and Exchange Commission (n.d.). United States Securities And Exchange Commission Form 10-K, https://www.sec.gov/Archives/edgar/data/27419/000104746913003100/a2213506z10-k.htm#gc18701_item_14._principal_accountant_fees_and_services (last visited Jun. 25, 2023).

電子文稿
1. ACLS ViewPoints. (2019). Cybersecurity governance. ACLS ViewPoints. at https://www.tapestrynetworks.com/sites/default/files/publication_pdf/ACLS%20ViewPoints%20-%20Cybersecurity%20-%20July%202019%20-%20FINAL%20New%20EY%20logo%20for%20score_0.pdf (last visited Jun. 25, 2023).
2. Aguilar, Luis A. (2014). Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus. United States Securities and Exchange Commission, https://insidecybersecurity.com/sites/insidecybersecurity.com/files/documents/jun2014/cs06102014_BOD_Corporate_Governance_Cyber_Risks.pdf (last visited Jun. 25, 2023).
3. The American Law Institute (2021). Principles of the Law: Compliance, Risk Management, and Enforcement. The American Law Institute, p.13-17. at https://thealiadviser.org/wp-content/uploads/2021/05/Compliance-TD2-4.01.02.pdf (last visited Jun. 25, 2023).
4. Audit Committee Leadership Summit. (2019). Cybersecurity governance. Tapestry Networks Inc. at https://www.tapestrynetworks.com/sites/default/files/publication_pdf/ACLS%20ViewPoints%20-%20Cybersecurity%20-%20July%202019%20-%20FINAL%20New%20EY%20logo%20for%20score_0.pdf (last visited Jun. 25, 2023).
5. Bit Sight. (n.d.). CISO's Guide To Reporting to the Board. BitSight. at https://cdn2.hubspot.net/hubfs/277648/White_Papers/Guide-Reporting-Cybersecurity-To-The-Board-05.06.2016-BitSight.pdf (last visited Jun. 25, 2023).
6. Everson, Miles E.A., Chesley, Dennis L., and Martens, Frank J. (2017). Enterprise Risk Management Integrating with Strategy and Performance. COSO, https://www.coso.org/Shared%20Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf (last visited Jun. 25, 2023).
7. Gwin, Bonnie W., Hanson ,Jeremy C., Sanders, Jeffrey S., and Taylor, Lyndon A. (2022). Board Monitor US 2022 Report. Heidrick & Struggles. at https://www.heidrick.com/en/insights/boards-governance/board-monitor-us-2022 (last visited May 1, 2023).
8. Harrington, Sean L. (2017). Why the Equifax breach could be the tipping point. Westlaw, https://www.concordlawschool.edu/documents/why-the-equifax-breach-could-be-the-tipping-point.pdf (last visited Jun. 25, 2023).
9. Iannone, Peter, & Omar, Ayman (n.d). CYBERSECURITY GOVERNANCE, Five Reasons Your Cybersecurity Governance Strategy May be Flawed and How to Fix It. Kogod School of Business, https://www.american.edu/kogod/research/cybergov/upload/cybersecurity-five-reasons.pdf
10. Internet Crime Complaint Center. (2022). FEDERAL BUREAU OF INVESTIGATION Internet Crime Report. Internet Crime Complaint Center. at https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf (last visited Jun. 25, 2023).
11. LaCroix, Kevin. (2020). Equifax Data Breach-Related Securities Suit Settled for $149 Million. The D&O Diary. at https://media.techtarget.com/digitalguide/images/Misc/EA-Marketing/Eguides/AWS_Certified_Security_Specialty_Exam.pdf (last visited Jun. 25, 2023).
12. Lipton, Martin, Neff, Daniel A, and Brownstein, Andrew R. (2020). Risk Management and the Board of Directors. Wachtell, Lipton, Rosen & Katz. at https://www.wlrk.com/webdocs/wlrknew/ClientMemos/WLRK/WLRK.27765.21.pdf (last visited Jun. 25, 2023).
13. McGrath, Vincent, Sheedy, Elizabeth, and Yu, Fan. (2021). Governance of Cyber Security: STATE OF PLAY. Macquarie University, https://www.mq.edu.au/__data/assets/pdf_file/0008/1194074/MQ_Cyber-Governance-White-Paper-Brochure_A4_V02.0.pdf (last visited Jun. 25, 2023).
14. Morgan, Steven C. (2022). Boardroom Cybersecurity 2022 Report. Cybersecurity Ventures, https://content.secureworks.com/-/media/Files/US/Reports/Secureworks_NC2_BoardroomCybersecurityReport.ashx?modified=20220809161846 (last visited Jun. 25, 2023).
15. New York City Bar Association (2018). Standards vs. Rules for Cyber Regulation - The Eleventh Circuit Weighs in Against The FTC And In Tacit Support For The NYDFS Approach. New York City Bar Association.
16. OECD (2015). G20/OECD Principles of Corporate Governance, OECD, https://www.oecd.org/corporate/principles-corporate-governance/ (last visited Jun. 25, 2023).
17. Phelps, Bill, Cleaveland, Ann, and Weber, Steve. (2020). Resilient Governance for Boards of Directors Considerations For Effective Oversight Of Cyber Risk. UC Berkeley: Center for Long Term Cybersecurity. at https://cltc.berkeley.edu/wp-content/uploads/2020/01/Resilient-Governance-for-Boards-of-Directors-Report.pdf (last visited Jun. 25, 2023).
18. Protiviti, James DeLoach and Thomson, Jeff. (2017) Improving Organizational Performance and Governance: How the COSO Frameworks Can Help. COSO, https://www.coso.org/Shared%20Documents/Improving-Organizational-Performance-and-Governance.pdf (last visited Jun. 25, 2023).
19. SCCE & HCCA. (2020). Compliance Risk Management: Applying the COSO ERM Framework. COSO, https://www.coso.org/Shared%20Documents/Compliance-Risk-Management-Applying-the-COSO-ERM-Framework.pdf (last visited Jun. 25, 2023).
20. World Economic Forum. (2017). Advancing Cyber Resilience: Principles and Tools for Boards. World Economic Forum. at https://www.weforum.org/whitepapers/advancing-cyber-resilience-principles-and-tools-for-boards (last visited Jun. 25, 2023).

網站資料
1. Ahmed, Shar & Send, Partner. (2014). Cybersecurity Update: Are Data Breach Disclosure Requirements on Target?. Akin Gump, https://www.akingump.com/en/news-insights/cybersecurity-update-are-data-breach-disclosure-requirements-on.html (last visited Jun. 25, 2023).
2. Aquila, Francis J, & Friedlander, Nicole. (2018). Board oversight of cyber security. Financier Worldwide Magazine. at https://www.financierworldwide.com/board-oversight-of-cyber-security#.Yl4aWZNBy3I (last visited Jun. 25, 2023).
3. Atkins, Peter A, Gerber, Marc S., and Micheletti, Edward B. (2020). Directors’ Fiduciary Duties: Back to Delaware Law Basics. Harvard Law School Forum, https://corpgov.law.harvard.edu/2020/03/10 /directors-fiduciary-duties-back-to-delaware-law-basics/ (last visited Jun. 25, 2023).
4. Baker, Sophie. (2017) Cybersecurity becoming big ESG concern. Pensions & Investments, https://www.pionline.com/article/20171002/PRINT/171009985/cybersecurity-becoming-big-esg-concern (last visited Jun. 25, 2023).
5. Bernstein, David, Haggerty, John, and Slutsky, Adam. (2019). The Caremark Chimera: Can Directors Be Liable when the Red Flag is hidden from Them? JD Supra, https://www.jdsupra.com/legalnews/the-caremark-chimera-can-directors-be-49798/ (last visited Jun. 25, 2023).
6. Bit Sight. (n.d.). ESG Research: Cybersecurity in The C-Suite and Boardroom. Bit Sight. at https://info.bitsight.com/cybersecurity-in-the-c-suite-and-boardroom (last visited Jun. 25, 2023).
7. Bloomberg Law. (2018). INSIGHT: SEC Disclosure Obligations and Strategies on Cybersecurity: Knowing How and When to Disclose Cyber-Incidents to Minimize Damage. Bloomberg, https://news.bloomberglaw.com/privacy-and-data-security/insight-sec-disclosure-obligations-and-strategies-on-cybersecurity-knowing-how-and-when-to-disclose-cyber-incidents-to-minimize-damage (last visited Jun. 25, 2023).
8. Bowen, Freya K. (2019). Recent Developments in Yahoo and Equifax Data Breach Litigation Suggest Increased Risk of Personal Liability for Directors and Officers for Cybersecurity Incidents. Tech Risk Report, https://www.techriskreport.com/2019/02/recent-developments-yahoo-equifax-data-breach-litigation-suggest-increased-risk-personal-liability-directors-officers-cybersecurity-incidents/ (last visited Jun. 25, 2023).
9. Boyle, Matthew. (2021). The Pandemic Got Seniors to Buy Groceries Online. That Might Not Last. Bloomberg, https://www.bloomberg.com/news/articles/2021-05-14/online-grocery-shopping-for-seniors-boomed-during-covid-will-they-stay-loyal (last visited Jun. 25, 2023).
10. Brolley, Michael, Cimon, David and Riordan, Ryan. (2020). Efficient Cyber Risk: Security and Competition in Financial Markets. The FinReg Blog, https://sites.law.duke.edu/thefinregblog/2020/06/22/efficient-cyber-risk-security-and-competition-in-financial-markets/ (last visited Jun. 25, 2023).
11. Buckley, Ross, Zetzsche, Dirk, Arner, Douglas and Birdthistle, William. (2020). Digitalization of Finance, Covid19 and TechRisk. The FinReg Blog, https://sites.law.duke.edu/thefinregblog/2020/11/24/digitalization-of-finance-covid19-and-techrisk/ (last visited Jun. 25, 2023).
12. Buhr, Sarah. (2017). Former Equifax CEO Says Breach Boiled Down to One Person Not Doing Their Job. Tech Crunch, https://techcrunch.com/2017/10/03/former-equifax-ceo-says-breach-boiled-down-to-one-person-not-doing-their-job/ (last visited Jun. 25, 2023).
13. Callahan, Michael J, Larcker, David, and Tayan, Brian. (2021). The General Counsel View of ESG Risk. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/09/23/the-general-counsel-view-of-esg-risk/ (last visited Jun. 25, 2023).
14. Clabby, John E. & Swanson, Joseph W. (2015). Cyber Caremark: Protecting Your Board from Shareholder Derivative Litigation After a Data Loss Event. Carlton Fields. https://www.carltonfields.com/insights/publications/2015/cyber-caremark-protecting-your-board-from-sharehol (last visited Jun. 25, 2023).
15. Clabby, John E. & Swanson, Joseph W. (2015). Preparing for a Cyber Caremark Lawsuit: Lessons from the Home Depot Derivative Complaint. Carlton Fields, https://www.carltonfields.com/insights/publications/2015/preparing-for-a-cyber-caremark-lawsuit-lessons-fro (last visited Jun. 25, 2023).
16. Clark, Charles. (2021). ESG in the Age of Cybersecurity. Darkbeam. at https://www.darkbeam.com/blog/esg-in-the-age-of-cybersecurity (last visited Jun. 25, 2023).
17. Crenshaw, Caroline A. (2021). Remarks at the PepsiCo-PwC CPE Conference: Controlling Internal Controls. SEC, https://www.sec.gov/news/speech/crenshaw-controlling-internal-controls-20211116 (last visited Jun. 25, 2023).
18. D. R., Fontaine & J. R, Stark. (2018). Cybersecurity: The SEC’s wake-up call to corporate directors. Harvard Law School Forum, https://corpgov.law.harvard.edu/2018/03/31/cybersecurity-the-secs-wake-up-call-to-corporate-directors/ (last visited Jun. 25, 2023).
19. DeLoach, Jim. (2020). Caremark: Even the Highest Standard Can Be Met. Corporate Compliance Insights, https://www.corporatecomplianceinsights.com/caremark-highest-standard-boards/ (last visited Jun. 25, 2023).
20. Denny, William R. (2020). Mitigating Your Business Risk: Board Responsibilities in Cybersecurity. American Bar Association, https://businesslawtoday.org/2020/02/mitigating-business-risk-board-responsibilities-cybersecurity/ (last visited Jun. 25, 2023).
21. Evans, Stephanie, & Wilson, Alan. (2019). Another Reminder from Delaware About the Duty of Oversight. Jdsupra, https://www.jdsupra.com/post/contentViewerEmbed.aspx?fid=5f6d3ac4-43e9-4f72-8895-5aa35eb60388 (last visited Jun. 25, 2023).
22. Fazzini, Kate. (2018). Moody’s is going to start building the risk of a business-ending hack into its credit ratings. CNBC, https://www.cnbc.com/2018/11/12/moodys-to-build-business-hacking-risk-into-credit-ratings.html (last visited Jun. 25, 2023).
23. Federal Trade Commission. (2019). Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach. Federal Trade Commission, https://www.ftc.gov/news-events/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related (last visited Jun. 25, 2023).
24. Federal Trade Commission. (2020). Equifax Data Breach Settlement. Federal Trade Commission, https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement (last visited Jun. 25, 2023).
25. Ferrillo, Paul, Zukis, Bob and Platsis, George. (2021). Cybersecurity and Disclosures. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/10/04/cybersecurity-and-disclosures/ (last visited Jun. 25, 2023).
26. Ferrillo, Paul, Zukis, Bob and Veltsos, Christophe. (2020). Leading Digital and Cybersecurity Risk Factor Disclosures for SEC Registrants. Harvard Law School Forum, https://corpgov.law.harvard.edu/2020/12/14/leading-digital-and-cybersecurity-risk-factor-disclosures-for-sec-registrants/#2 (last visited Jun. 25, 2023).
27. Ferrillo, Paul, Zukis, Bob and Veltsos, Christophe. (2021). The SEC’s Clear Reminder About the Need for Quality Cybersecurity Disclosures. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/08/23/the-secs-clear-reminder-about-the-need-for-quality-cybersecurity-disclosures/ (last visited Jun. 25, 2023).
28. Ferrillo, Paul. Zetzsche, Dirk, and Veltsos, Christophe. (2020). Boards Should Care More About Recent “Caremark” Claims and Cybersecurity. Harvard Law School Forum, https://corpgov.law.harvard.edu/2020/09/15/boards-should-care-more-about-recent-caremark-claims-and-cybersecurity/ (last visited Jun. 25, 2023).
29. Floresca, Lauri. (2014). Will Target Test the SEC’s Guidance on Cyber Liability Disclosure?. Woodruff-Sawyer & Co., https://woodruffsawyer.com/cyber-liability/cyber-target/ (last visited Jun. 25, 2023).
30. Fontaine, David R.& Stark, John Reed. (2021). Cybersecurity: The SEC’s Wake-up Call to Corporate Directors. Harvard Law School Forum, https://corpgov.law.harvard.edu/2018/03/31/cybersecurity-the-secs-wake-up-call-to-corporate-directors/ (last visited Jun. 25, 2023).
31. France, Thomas W. (2020). Complying with Oversight Fiduciary Duty Obligations in Response to COVID-19. Venable, https://www.venable.com/insights/publications/2020/06/complying-with-oversight-fiduciary-duty-obligat (last visited Jun. 25, 2023).
32. George, David, & Garg, Vikas. (n.d.). The changing role of the board on cybersecurity. Deloitte. at https://www2.deloitte.com/content/dam/Deloitte/in/Documents/risk/in-ra-changing-role-of-the-board-on-cybersecurity-noexp.pdf (last visited Jun. 25, 2023).
33. Goins, Frances Floriano. (2016). Target’s Directors and Officers Dismissed from Data Breach Lawsuit. Ulmer & Berne LLP, https://www.ulmer.com/client-alerts/targets-directors-officers-dismissed-data-breach-lawsuit/ (last visited Jun. 25, 2023).
34. Gordon, Megan & Silver, Daniel. (2021). The Equifax Hack, SEC Data Breach, and Issuer Disclosure Obligations. Harvard Law School, https://corpgov.law.harvard.edu/2017/10/05/the-equifax-hack-sec-data-breach-and-issuer-disclosure-obligations/ (last visited Jun. 25, 2023).
35. Grace, H. Stephen Jr., Prendergast, S. Lawrence, and Koski-Grafer, Susan. (2019). Board Oversight and Governance: From Tone at the Top to Substantive Checks and Balances. American Bar Association, https://businesslawtoday.org/2019/02/board-oversight-governance-tone-top-substantive-checks-balances/ (last visited Jun. 25, 2023).
36. IEEE. (2022). Three Major Leadership “Perception Gaps” Hindering Cyber Security. IEEE Innovation. at https://innovationatwork.ieee.org/three-major-leadership-perception-gaps-hindering-cyber-security/ (last visited Jun. 25, 2023).
37. Johnson, William, Ferber, Scott and Hanson, Matthew. (2021). SEC Returns Spotlight to Cybersecurity Disclosure Enforcement. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/08/01/sec-returns-spotlight-to-cybersecurity-disclosure-enforcement/ (last visited Jun. 25, 2023).
38. Joyce, Sean, Dobrygowski, Daniel, and Van der Oord, Friso. (2021). Principles for Board Governance of Cyber Risk. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/06/10/principles-for-board-governance-of-cyber-risk/#23 (last visited Jun. 25, 2023).
39. Joyce, Sean, Nocera, Joseph, Gorham, Matt, Berlin, Barbara, and Oleniczak, John. (n.d). How CISOs and boards can prepare for the new era of cyber transparency. PWC, https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/sec-cyber-proposed-disclosure.html (last visited Jun. 25, 2023).
40. Kaplan, Robert S., and Mikes, Anette. (2012). Managing Risks: A New Framework. Harvard Business Review, https://hbr.org/2012/06/managing-risks-a-new-framework (last visited Jun. 25, 2023).
41. Karir, Manish. (2021). ESG and Cyber Risk: How Both Measure Responsible Corporate Behavior for Investors. ISS Insights, https://insights.issgovernance.com/posts/esg-and-cyber-risk-how-both-measure-responsible-corporate-behavior-for-investors/ (last visited Jun. 25, 2023).
42. Katz, David A., & McIntosh, Laura A. (2021). Board Structure Is Key to Oversight. Harvard Law School Forum. https://corpgov.law.harvard.edu/2021/09/27/board-structure-is-key-to-oversight/ (last visited Jun. 25, 2023).
43. Klein, Ofir Z. & Wang, R. Randall. (2023). Recent Delaware Cases Clarify Caremark Oversight Duties for Directors And Executive Officers. Bryan Cave Leighton Paisner, https://www.bclplaw.com/en-US/events-insights-news/recent-delaware-cases-clarify-caremark-oversight-duties-for-directors-and-executive-officers.html (last visited Jun. 25, 2023).
44. Klemash, Steve W., Smith, Jamie C., and Seets, Chuck. (2020). What Companies are Disclosing About Cybersecurity Risk and Oversight. Harvard Law School Forum, https://corpgov.law.harvard.edu/2020/08/25/what-companies-are-disclosing-about-cybersecurity-risk-and-oversight/ (last visited Jun. 25, 2023).
45. LaCroix, Kevin. (2021). A “New Era” of Caremark Claims?. The D&O Diary, https://www.dandodiary.com/2021/01/articles/director-and-officer-liability/a-new-era-of-caremark-claims/ (last visited Jun. 25, 2023).
46. Larcker, David F., Reiss, Peter C., and Tayan, Brian. (2017). Critical Update Needed: Cybersecurity Expertise in the Boardroom. Harvard Law School Forum. at https://corpgov.law.harvard.edu/2017/12/12/critical-update-needed-cybersecurity-expertise-in-the-boardroom/ (last visited Jun. 25, 2023).
47. Leka, Laura (2022). Board Oversight of Sustainability and ESG. International Federation of Accountants, https://www.ifac.org/knowledge-gateway/supporting-international-standards/discussion/board-oversight-sustainability-and-esg (last visited Jun. 25, 2023).
48. Mahajan, Rohit, Shukla, Gaurav, and Seshadri, Deepa. (2021). The Now: Cyber concerns for the Board in the ‘New Normal’. Deloitte, https://www2.deloitte.com/content/dam/Deloitte/in/Documents/risk/in-ra-changing-role-of-the-board-on-cybersecurity-noexp.pdf (last visited Jun. 25, 2023).
49. McGrath, Maggie. (2014). Target Data Breach Spilled Info on As Many As 70 Million Customers. Forbes, https://www.forbes.com/sites/maggiemcgrath/2014/01/10/target-data-breach-spilled-info-on-as-many-as-70-million-customers/?sh=77a4cfdfe795 (last visited Jun. 25, 2023).
50. Mckinsey Podcast. (2021). Boards and cybersecurity. Mckinsey, https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/boards-and-cybersecurity (last visited Jun. 25, 2023).
51. Moore, Susan. (2021). Gartner Predicts 40% of Boards Will Have a Dedicated Cybersecurity Committee by 2025. Gartner, https://www.gartner.com/en/newsroom/press-releases/2021-01-28-gartner-predicts-40--of-boards-will-have-a-dedicated- (last visited Jun. 25, 2023).
52. Musleh Al-Sartawi, Abdalmuttaleb M.A. (2020). Information technology governance and cybersecurity at the board level. InderScience. at https://www.inderscienceonline.com/doi/pdf/10.1504/IJCIS.2020.107265 (last visited Jun. 25, 2023).
53. Navarro, Andrea & Townsend, Matthew. (2021). Online Sales Ignite in Corners of World Late to the Revolution. Bloomberg, https://www.bloomberg.com/news/articles/2021-01-26/online-shopping-websites-in-india-mexico-russia-boom-with-sales-in-covid-era (last visited Jun. 25, 2023).
54. Neill, Bridget M., Seets, Chuck & Klemash, Steve W. (2019). Disclosure on Cybersecurity Risk and Oversight. Harvard Law School Forum, https://corpgov.law.harvard.edu/2019/10/17/disclosure-on-cybersecurity-risk-and-oversight/ (last visited Jun. 25, 2023).
55. Newman, Craig A. (2019). SEC Cyber Briefing: Regulatory Expectations for 2019. Harvard Law School Forum, https://corpgov.law.harvard.edu/2019/01/02/sec-cyber-briefing-regulatory-expectations-for-2019/ (last visited Jun. 25, 2023).
56. Nexis, Lexis. (2019). Capital One® Data Breach Raises Liability Questions. Lexis Nexis, https://www.lexisnexis.com/community/insights/legal/b/thought-leadership/posts/capital-one-data-breach-raises-liability-questions (last visited Jun. 25, 2023).
57. Office of the Comptroller of the Currency, (2022). Cybersecurity and Financial System Resilience Report. Office of the Comptroller of the Currency, https://www.occ.gov/publications-and-resources/publications/cybersecurity-and-financial-system-resilience/files/pub-2022-cybersecurity-report.pdf (last visited Jun. 25, 2023).
58. Oltsik, Jon. (2021). Is Cybersecurity Really an Issue in the Boardroom and C-Suite? Enterprise Strategy Group. at https://www.esg-global.com/blog/is-cybersecurity-really-an-issue-in-the-boardroom-and-c-suite (last visited Jun. 25, 2023).
59. Osnato, Michael, Bernbach, Allison and LeBas, William. (2021). Key Takeaways from Recent SEC Cybersecurity Charges. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/10/01/key-takeaways-from-recent-sec-cybersecurity-charges/ (last visited Jun. 25, 2023).
60. SEC Press Release (2018). Altaba, Formerly Known as Yahoo!, Charged with Failing to Disclose Massive Cybersecurity Breach; Agrees to Pay $35 Million. SEC, https://www.sec.gov/news/press-release/2018-71 (last visited Jun. 25, 2023).
61. Ramstad, Evan. (2015). SEC Won't Punish Target for 2013 Breach. Star Tribune, https://www.govtech.com/security/sec-wont-punish-target-for-2013-breach.html (last visited Jun. 25, 2023).
62. RBC Corporate Governance and Responsible Investment Team (2020). Cyber security is the top ESG concern for institutional investors. RBC Global Asset Management, https://www.rbcgam.com/en/ca/article/cyber-security-is-the-top-esg-concern-for-institutional-investors/detail (last visited Jun. 25, 2023).
63. Roisman, Elad L. (2021). Speech by Commissioner Roisman on Cybersecurity. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/11/01/speech-by-commissioner-roisman-on-cybersecurity/ (last visited Jun. 25, 2023).
64. Rutta, Michelle, & Diamond, Colin J. (2018). SEC Fines Yahoo $35 Million for Failure to Timely Disclose a Cyber Breach. White Case, https://www.whitecase.com/publications/alert/sec-fines-yahoo-35-million-failure-timely-disclose-cyber-breach (last visited Jun. 25, 2023).
65. Sandstrom, Thomas (2019). Congress Considers Requiring Public Companies to Disclose Board Member Cybersecurity Expertise in SEC Filings. Georgetown Law, https://georgetownlawtechreview.org/congress-considers-requiring-public-companies-to-disclose-board-member-cybersecurity-expertise-in-sec-filings/GLTR-06-2019/ (last visited Jun. 25, 2023).
66. Sarnek, Anna, & Dolan, Cristina. (2022). Cybersecurity is an environmental, social and governance issue. Here's why. World Economic Forum (Mar 1, 2022), https://www.weforum.org/agenda/2022/03/three-reasons-why-cybersecurity-is-a-critical-component-of-esg/ (last visited Jun. 25, 2023).
67. Savarese, John F., Carlin, Wayne M., and Niles, Sabastian V. (2021). A New Angle on Cybersecurity Enforcement from the SEC. Harvard law school forum, https://corpgov.law.harvard.edu/2021/06/26/a-new-angle-on-cybersecurity-enforcement-from-the-sec/#more-138743 (last visited Jun. 25, 2023).
68. Savarese, John F., Eddy, Sarah K., and Niles, Sabastian V. (2021). Cybersecurity Oversight and Defense - A Board and Management Imperative. Harvard Law School Forum, https://corpgov.law.harvard.edu/2021/05/14/cybersecurity-oversight-and-defense-a-board-and-management-imperative/ (last visited Jun. 25, 2023).
69. Saylor Academy (n.d.). Corporate Governance, https://saylordotorg.github.io/text_corporate-governance/index.html (last visited Jun. 25, 2023).
70. Sherman, Barnet. (2020). Municipal Cybersecurity: Governance Metrics For ESG Investors. Forbes, https://www.forbes.com/sites/investor/2020/02/04/municipal-cybersecurity--governance-metrics-for-esg-investors/?sh=53f9d5135a60 (last visited Jun. 25, 2023).
71. Stein, Kara M. (2018). Public Company Cybersecurity Disclosures. Harvard Law School Forum, https://corpgov.law.harvard.edu/2018/02/23/public-company-cybersecurity-disclosures/ (last visited Jun. 25, 2023).
72. Stempel, Jonathan. (2020). Home Depot reaches $17.5 million settlement over 2014 data breach. REUTERS, https://www.reuters.com/article/us-home-depot-cyber-settlement-idUSKBN2842W5 (last visited Jun. 25, 2023).
73. Sumner, Phyllis, Day, Jonathan, and Mahoney, Michael. (2020). Cybersecurity: An Evolving Governance Challenge. Harvard Law School Forum, https://corpgov.law.harvard.edu/2020/03/15/cybersecurity-an-evolving-governance-challenge/ (last visited Jun. 25, 2023).
74. Varlan, Peter. (2017). The Growing Risk of Director Liability for Cyberattacks. New York University School of Law, https://wp.nyu.edu/compliance_enforcement/2017/09/04/the-growing-risk-of-director-liability-for-cyberattacks/ (last visited Jun. 25, 2023).
75. Volz, Dustin & Shepardson, David. (2017). Criticism of Equifax data breach response mounts, shares tumble. REUTERS, https://www.reuters.com/article/us-equifax-cyber (last visited Jun. 25, 2023).
76. Wernick, Alan S. (2021). SEC Increasing Cyber Threat Enforcement: Charges Issuer with Failure to Maintain Proper Cybersecurity Controls and Procedures. American Bar Association, https://businesslawtoday.org/2021/10/sec-increasing-cyber-threat-enforcement-charges-issuer-with-failure-to-maintain-proper-cybersecurity-controls-and-procedures/#_ftn1 (last visited Jun. 25, 2023).

Cases
1. Brehm v. Eisner, 746 A.2d 244, 259 (Del. 2000).
2. Firemen's Ret. Sys. of St. Louis on behalf of Marriott Int'l, Inc. v. Sorenson, No. CV 2019-0965-LWW, 2021 WL 4593777 (Del. Ch. Oct. 5, 2021).
3. Graham v. Allis-Chalmers Mfg. Co., 188 A.2d 125 (1963).
4. Hughes v. Xiaoming Hu, No. CV 2019-0112-JTL, 2020 WL 1987029 (Del. Ch. Apr. 27, 2020).
5. In re Boeing Co. Derivative Litig., No. CV 2019-0907-MTZ, 2021 WL 4059934 (Del. Ch. Sept. 7, 2021).
6. In re Caremark Intern. Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).
7. In re Clovis Oncology, Inc. Derivative Litig., No. CV 2017-0222-JRS (Del. Ch. Oct. 1, 2019).
8. In re Equifax, Inc., Customer Data Sec. Breach Litig., 362 F. Supp. 3d 1295 (N.D. Ga. 2019).
9. In re McDonald's Corp. S'holder Derivative Litig., 291 A.3d 652 (Del. Ch. 2023).
10. In re The Home Depot, Inc. S'holder Derivative Litig., 223 F. Supp. 3d 1317 (N.D. Ga. 2016), p.1320.
11. In re Yahoo! Inc. Customer Data Sec. Breach Litig., No. 16-MD-02752-LHK, 2020 WL 4212811 (N.D. Cal. July 22, 2020), aff'd, No. 20-16633, 2022 WL 2304236, 35 (9th Cir. June 27, 2022).
12. In re: The Home Depot, Inc., Customer Data Sec. Breach Litig., No. 1:14-MD-2583-TWT, 2016 WL 2897520 (N.D. Ga. May 18, 2016), p.1.
13. Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).
14. Palkon v. Holmes, No. 2:14-CV-01234 SRC, 2014 WL 5341880 (D.N.J. Oct. 20, 2014), p.1.
15. Stone ex rel. AmSouth Bancorporation v. Ritter, 911 A.2d 362 (Del. 2006).

 
 
 
 