Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

When Data Hacks Lead to D&O Lawsuits, Actual and Threatened

Many observers, including even this blog, have speculated whether the rising wave of data breaches and cyber security attacks will result in litigation against the directors and officers of the affected companies. Indeed, in 2014, there were two sets of lawsuits filed against the boards of companies that had experienced high-profile data breaches, Target Corp. … Continue Reading

Third Circuit: FTC May Pursue Data Breach Enforcement Action against Wyndham Worldwide

On August 24, 2015, in a ruling that was much-anticipated because of its potential implications for the regulatory liability exposures of companies that have been hit with data breaches, the Third Circuit affirmed the authority of the Federal Trade Commission to pursue an enforcement action against Wyndham Worldwide Corp. and related entities alleging that the … Continue Reading

Guest Post: Cyber & Privacy Policy Exclusions: Analyzing Differences, Negotiating Modifications

The exclusions are an important part of any liability insurance policy, but this is particularly true of cyber liability insurance polices. In the following guest post, Robert Bregman, CPCU, MLIS, RPLU, Senior Research Analyst, International Risk Management Institute, Inc., takes a look at the ten of the most common exclusions found in cyber liability and … Continue Reading

O.K., This Is a Big Deal: 7th Cir. Reinstates Neiman Marcus Consumer Data Breach Class Action

In a ruling that could provide an important boost future consumer data breach class action litigation, the Seventh Circuit has reinstated the Neiman Marcus data breach lawsuit, ruling that the district court erred in concluding that the plaintiffs’ fear of future harm from the breach was insufficient to establish standing to pursue their claims. As Alison … Continue Reading

Next Up: A Home Depot Data Breach-Related D&O Lawsuit?

After claimants filed shareholders’ data breach-related derivative suits against the boards of Target (here) and Wyndham Worldwide (here), a number of commentators (including me) asked whether we could see a wave of cybersecurity related D&O lawsuits. Interestingly, since these two lawsuits were filed more than a year ago, there have been no further lawsuits of … Continue Reading

Guest Post: Courts Uphold California Privacy Claims Despite Vague Allegations: Opening The Litigation Floodgates?

Among the many concerns that arise whenever unauthorized appropriation or use of consumer data occurs is the possible violation of the consumers’ privacy that the access may represent. In numerous cases, aggrieved parties have tried to assert claims for these alleged privacy violations, but by and large these attempts have not been successful. However, as … Continue Reading

Guest Post: Cybersecurity Enforcement: The FTC Is Out There

Along with the disruption and the reputational damage, a company experiencing a data breach can also find itself attracting the unwanted attention of regulators. Among the federal regulators that has proven to be active in data breach arena has been the Federal Trade Commission. In the following guest post, Robert Carangelo, Eric Hochstadt, and Gaspard Curioni of … Continue Reading

Guest Post: Is Employee Awareness and Training the Holy Grail of Cybersecurity?

In the current environment, most organizations are aware of the potential threats to their firms from a breach of their data systems and networks. Among the ways companies can protect themselves from these types of threats is through improved employee awareness and training. In the following guest post, Paul Ferrillo and Randi Singer of the … Continue Reading

As Part of White House Cyber Security Initiative, President Proposes Uniform Data Notification Rules

As previously discussed on this blog (refer for example here), over the years there have been a number of different responses from the federal government to the threat of cyberattacks on U.S. companies and infrastructure, but overall the government’s track record on the issue is mixed. However, according to a January 12, 2015 Wall Street … Continue Reading

Will Investors Sue Over the Sony Hack Attack?

 As I noted in my recent rundown of the top D&O stories of 2014, one of the most important developments during the year just finished was the emergence of cyber security as a D&O liability concern. During 2014, plaintiff shareholders launched cyber breach-related derivative lawsuits against the boards of Target and Wyndham (about which refer … Continue Reading

Up Next: Cyber Insurance Requirements for Banks?

As I noted in a post last week, in a speech earlier this month in which she outlined the steps bank boards can take to address cybersecurity issues, Sarah Raskin, the second-ranking official at the U.S. Department of Treasury, laid out the reasons why banking institutions should be investing in cyber insurance. This speech is … Continue Reading

Top Treasury Official’s Speech Urges Adoption of Cyber Risk Insurance

Officials across a range of federal regulatory agencies have made it clear that promoting cyber security is an increasing priority. A critical part of the federal officials’ message has been the message that cyber security should be a corporate governance priority for company executives and corporate boards. For example, in a June 2014 speech, SEC … Continue Reading

Guest Post: Cyber Security Indeed: Derivative Action Dismissed Where Board Proactively Addressed Cyber Risks and Exposures

The derivative lawsuit filed against the board of Wyndham Worldwide Corporation in connection with the series of cyber breaches the company had experienced was being closely watched as possibly representative of a potential new area liability exposure for corporate directors and officers. However, as I discussed in a prior post (here), on October 20, 2014, … Continue Reading
LexBlog