The D&O Diary

The D&O Diary


Category Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

District Court Upholds FTC’s Authority to Bring Data Breach Enforcement Action

Posted in Cyber Liability
It is a dangerous world out there. Among many other things, companies and other organizations are increasingly vulnerable to data security attacks from would-be hackers. Indeed, an April 8, 2014 New York Times article entitled “Hackers Lurking in Vents and Soda Machines” (here) notes that “companies scrambling to seal up their systems from hackers and … Continue Reading

What Are the Bad Guys Up to Now? Hacking Health-Care Records, Apparently

Posted in Cyber Liability, Health Care Organizations
As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a February 18, 2014 Wall Street Journal report entitled “Nursing Homes Are Exposed to … Continue Reading

Target Directors and Officers Hit with Derivative Suits Based on Data Breach

Posted in Cyber Liability, Director and Officer Liability
  I have frequently noted that among the many exposures a company experiencing a data breach could encounter is the possibility of a shareholder suit alleging that the company’s board breached their fiduciary duties by failing to take sufficient steps to protect the company from a breach and its consequences. This possibility has now been … Continue Reading

Cybersecurity Disclosure Under Scrutiny

Posted in Cyber Liability
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices … Continue Reading

Assessing U.S. Public Company Cyber Risk Disclosure Practices

Posted in Cyber Liability
It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure … Continue Reading

A Critical Question Directors Should Be Asking Company Management About Cyber Risk

Posted in Cyber Liability
Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article, cyber attacks –ranging from malicious software to denial of service attacks – increased 42% in 2012. The trend has only accelerated in 2013. As the possibility and potential scope of these … Continue Reading

Cyber Breach Disclosures and the Impact on Companies’ Share Prices

Posted in Cyber Liability
The possibility of securities litigation following the disclosure of  a cyber security breach has been a topic of significant recent attention, including on this site. There already have been securities class action lawsuits filed following significant cyber breaches, at least in some cases. More recently, however, the stock prices of several major companies that recently … Continue Reading

Smaller Companies Should Consider Cyber-Liability Insurance

Posted in Cyber Liability
Smaller companies increasingly are the subject of data breaches  and those smaller companies “are the number-one target of cyber-espionage attackers,” according to a recent study detailed in a April 24, 2013 article entitled “Should You Consider Cyber Insurance?” (here). Smaller companies increasingly are the subject of cyber attacks due to “inadequate security infrastructure for … Continue Reading

Will Cybersecurity Issues Drive the Next Big Securities Litigation Wave?

Posted in Cyber Liability, Securities Litigation
I am sure many readers were disturbed as I was by the February 19, 2013 New York Times article reporting that a Chinese army unit apparently has been executing a concentrated cyber-hacking program targeting U.S. companies and critical U.S. infrastructure. (The report of consulting firm Mandiant that was the basis of the Times article can be … Continue Reading