The D&O Diary

The D&O Diary

A PERIODIC JOURNAL CONTAINING ITEMS OF INTEREST FROM THE WORLD OF DIRECTORS & OFFICERS LIABILITY, WITH OCCASIONAL COMMENTARY

Category Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

Guest Post: Is Employee Awareness and Training the Holy Grail of Cybersecurity?

Posted in Cyber Liability
In the current environment, most organizations are aware of the potential threats to their firms from a breach of their data systems and networks. Among the ways companies can protect themselves from these types of threats is through improved employee awareness and training. In the following guest post, Paul Ferrillo and Randi Singer of the… Continue Reading

As Part of White House Cyber Security Initiative, President Proposes Uniform Data Notification Rules

Posted in Cyber Liability
As previously discussed on this blog (refer for example here), over the years there have been a number of different responses from the federal government to the threat of cyberattacks on U.S. companies and infrastructure, but overall the government’s track record on the issue is mixed. However, according to a January 12, 2015 Wall Street… Continue Reading

Will Investors Sue Over the Sony Hack Attack?

Posted in Cyber Liability
 As I noted in my recent rundown of the top D&O stories of 2014, one of the most important developments during the year just finished was the emergence of cyber security as a D&O liability concern. During 2014, plaintiff shareholders launched cyber breach-related derivative lawsuits against the boards of Target and Wyndham (about which refer… Continue Reading

Up Next: Cyber Insurance Requirements for Banks?

Posted in Cyber Liability
As I noted in a post last week, in a speech earlier this month in which she outlined the steps bank boards can take to address cybersecurity issues, Sarah Raskin, the second-ranking official at the U.S. Department of Treasury, laid out the reasons why banking institutions should be investing in cyber insurance. This speech is… Continue Reading

Top Treasury Official’s Speech Urges Adoption of Cyber Risk Insurance

Posted in Cyber Liability
Officials across a range of federal regulatory agencies have made it clear that promoting cyber security is an increasing priority. A critical part of the federal officials’ message has been the message that cyber security should be a corporate governance priority for company executives and corporate boards. For example, in a June 2014 speech, SEC… Continue Reading

Guest Post: Cyber Security Indeed: Derivative Action Dismissed Where Board Proactively Addressed Cyber Risks and Exposures

Posted in Cyber Liability
The derivative lawsuit filed against the board of Wyndham Worldwide Corporation in connection with the series of cyber breaches the company had experienced was being closely watched as possibly representative of a potential new area liability exposure for corporate directors and officers. However, as I discussed in a prior post (here), on October 20, 2014,… Continue Reading

Dismissal Granted in Cyber Breach-Related Derivative Suit Filed Against Wyndham Officials

Posted in Cyber Liability
 Along with the separate derivative lawsuit filed against Target Corporation’s board, the cyber breach-related derivate action filed against Wyndham Worldwide Corporation’s board has been closely watched as representative of a potential new area  liability exposure for corporate directors and officers.  However, in an October 20, 2014 opinion, District of New Jersey Judge Stanley Chesler, applying… Continue Reading

Guest Post: Cyber Security and Cyber Governance: Federal Regulation and Oversight – Today and Tomorrow

Posted in Cyber Liability
It seems that every day there is yet another story in the business pages about a significant data breach at a major company. Cybersecurity is an increasingly important topic for companies and their shareholders, and the problems with cybersecurity are an increasing concern in Washington as well. In the following guest post Paul A. Ferrillo… Continue Reading

Guest Post: The Cloud, Cyber Security and Cloud Cyber Governance: What Every Director Needs to Know

Posted in Cyber Liability
As I have noted frequently on this blog (most recently here), it is becoming increasingly clear that cybersecurity is viewed as a board level issue. At the same time that many boards have taken up the concerns surrounding cybersecurity issues, their companies increasingly are becoming dependent on cloud computing – which potentially could make their… Continue Reading

Guest Post: Mergers, Acquisitions, and Data Privacy: The FTC is Watching

Posted in Cyber Liability
The question of the privacy rights of consumers is an increasingly important topic. In the following guest post, Bill Boeck, Senior Vice President. Insurance & Claims Counsel for Lockton Financial Services, takes a look at recent actions the Federal Trade Commission has taken to protect consumers’ privacy rights and to enforce companies’ privacy policies.  … Continue Reading

More About Stories We’re Following

Posted in Cyber Liability, Director and Officer Liability
Cybersecurity as a D&O Liability Issue: I have noted in prior posts on this site (refer for example here) that cybersecurity represents, among other things, a D&O liability exposure. The recent lawsuits filed against Target (refer here) and Wyndham Worldwide (refer here) underscore this point. In addition, at least according to a July 7, 2014 Bloomberg… Continue Reading

SEC Commissioner Aguilar Addresses Cybersecurity Oversight Responsibilities of Corporate Boards

Posted in Cyber Liability
In a June 10, 2014 speech entitled “Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus” delivered at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar highlighted the critical importance of the involvement of boards of directors in cybersecurity oversight. In his speech, Aguilar stressed that “ensuring the adequacy of a company’s… Continue Reading

Guest Post: Cyber Security, Cyber Governance, and Cyber Insurance: What Every Public Company Director Needs to Know

Posted in Cyber Liability
  As I have frequently noted on this site (refer, for example, here), cyber security issues increasingly are a board level concern, and indeed, recent shareholder litigation has shown that investors intend to hold board members accountable when data breaches cause problems for their companies.  In the following guest article, which was previously published as a… Continue Reading

Thinking About the Chinese Military Officials’ Hacking Indictment and Data Breach Disclosure Issues

Posted in Cyber Liability
Cybersecurity has been a hot button issue for quite a while, but the U.S. Department of Justice ratcheted things up last week when it announced the indictment of five Chinese military officers for hacking into U.S. companies’ computers to steal trade secrets and other sensitive business information. U.S. prosecutors clearly believe the intrusions were serious… Continue Reading

Wyndham Worldwide Board Hit with Cyber Breach-Related Derivative Lawsuit

Posted in Cyber Liability, Director and Officer Liability
 In what is the latest example of the potential cybersecurity-related liability of corporate boards, a shareholder for Wyndham Worldwide Corporation has initiated a derivative lawsuit against certain directors and officers of the company, as well as against the company itself as nominal defendant, related to the three data breaches the company the company and its… Continue Reading

District Court Upholds FTC’s Authority to Bring Data Breach Enforcement Action

Posted in Cyber Liability
It is a dangerous world out there. Among many other things, companies and other organizations are increasingly vulnerable to data security attacks from would-be hackers. Indeed, an April 8, 2014 New York Times article entitled “Hackers Lurking in Vents and Soda Machines” (here) notes that “companies scrambling to seal up their systems from hackers and… Continue Reading

What Are the Bad Guys Up to Now? Hacking Health-Care Records, Apparently

Posted in Cyber Liability, Health Care Organizations
As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a February 18, 2014 Wall Street Journal report entitled “Nursing Homes Are Exposed to… Continue Reading