Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

Guest Post: Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of Financial Reporting Oversight

In this day and age, the members of the boards of directors of most companies understand that cybersecurity issues are both important and should be a board-level priority. But while these issues and responsibilities are now well-recognized, many boards still struggle to translate these issues into action. In the following guest post from John Reed … Continue Reading

Senate Bill Would Require Disclosure Concerning Corporate Boards’ Cybersecurity Expertise

It is not news that cybersecurity is a serious corporate and domestic security concern. But despite continuing revelations of high-profile data breaches, cybersecurity is an area (OK, one of the many areas) where Congress has been slow to act. While there is still as yet no comprehensive Congressional attempt to tackle cybersecurity as an issue … Continue Reading

Wyndham Worldwide Settles Data Breach-Related FTC Enforcement Action

According to the company’s December 9, 2015 press release (here), Wyndham Worldwide has reached a settlement with the Federal Trade Commission in the long-running and high-profile civil action the agency filed against the company and its affiliates in connection with data breaches at the company during the period 2008-2010. Under the terms of the settlement, … Continue Reading

FTC Data Breach-Related Enforcement Action Dismissed Based on Lack of Alleged Consumer Harm

Following the Third Circuit’s August 2015 decision in which the appellate court affirmed the Federal Trade Commission’s authority to pursue an enforcement action against Wyndham Worldwide alleging that the company failed to make reasonable efforts to protect consumers’ private information, there have been concerns that other companies experiencing data breaches could be the target of … Continue Reading

Book Review: A Cybersecurity Guide for Corporate Directors and Officers

We are long past the point where cybersecurity can be treated like an emerging, obscure or peripheral issue. The fact is that cybersecurity is now an important concern for every organization and enterprise. For that reason, cybersecurity is also now an important concern for everyone responsible for protecting and guiding those organizations and enterprises, including … Continue Reading

Guest Post: SEC’s Regulatory Action Against R.T. Jones: Did the Other Cybersecurity Shoe Just Drop?

On September 22, 2015, in what has been described as the SEC’s first cybersecurity-related enforcement action, the SEC announced that it had entered a settlement St. Louis-based investment advisor R.T. Jones Capital Equities Management, Inc., based on charges that the company had failed to establish the required cybersecurity policies and procedures in advance of a breach … Continue Reading

Book Review: Cyber Risks, Social Media and Insurance

We live in a world in which rapidly shifting technologies and communications modalities have changed the way we interact and conduct business. These new media and means of interaction have introduced innumerable benefits and efficiencies. Unfortunately, these new alternatives have down sides; among other things, they mean new risks and even liability exposures for both … Continue Reading

Guest Post: Preparing for a Cyber Caremark Lawsuit: Lessons from the Home Depot Derivative Complaint

As I noted in a September 9, 2015 post (here), a Home Depot shareholder has filed a data breach-related derivative lawsuit against certain of the company’s directors and officers, in which the plaintiff contends that the defendants breached their fiduciary duties by failing to ensure that customer credit card information was secure and protected. A … Continue Reading

Data Breach-Related Derivative Lawsuit Filed against Home Depot Directors and Officers

In early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. (here) and Wyndham Worldwide (here), there was some speculation that these cases might be the first of what could become a wave of data-breach related D&O lawsuits. But then the Wyndham Worldwide case was dismissed (refer here) and no … Continue Reading

When Data Hacks Lead to D&O Lawsuits, Actual and Threatened

Many observers, including even this blog, have speculated whether the rising wave of data breaches and cyber security attacks will result in litigation against the directors and officers of the affected companies. Indeed, in 2014, there were two sets of lawsuits filed against the boards of companies that had experienced high-profile data breaches, Target Corp. … Continue Reading

Third Circuit: FTC May Pursue Data Breach Enforcement Action against Wyndham Worldwide

On August 24, 2015, in a ruling that was much-anticipated because of its potential implications for the regulatory liability exposures of companies that have been hit with data breaches, the Third Circuit affirmed the authority of the Federal Trade Commission to pursue an enforcement action against Wyndham Worldwide Corp. and related entities alleging that the … Continue Reading

Guest Post: Cyber & Privacy Policy Exclusions: Analyzing Differences, Negotiating Modifications

The exclusions are an important part of any liability insurance policy, but this is particularly true of cyber liability insurance polices. In the following guest post, Robert Bregman, CPCU, MLIS, RPLU, Senior Research Analyst, International Risk Management Institute, Inc., takes a look at the ten of the most common exclusions found in cyber liability and … Continue Reading

O.K., This Is a Big Deal: 7th Cir. Reinstates Neiman Marcus Consumer Data Breach Class Action

In a ruling that could provide an important boost future consumer data breach class action litigation, the Seventh Circuit has reinstated the Neiman Marcus data breach lawsuit, ruling that the district court erred in concluding that the plaintiffs’ fear of future harm from the breach was insufficient to establish standing to pursue their claims. As Alison … Continue Reading

Next Up: A Home Depot Data Breach-Related D&O Lawsuit?

After claimants filed shareholders’ data breach-related derivative suits against the boards of Target (here) and Wyndham Worldwide (here), a number of commentators (including me) asked whether we could see a wave of cybersecurity related D&O lawsuits. Interestingly, since these two lawsuits were filed more than a year ago, there have been no further lawsuits of … Continue Reading

Guest Post: Courts Uphold California Privacy Claims Despite Vague Allegations: Opening The Litigation Floodgates?

Among the many concerns that arise whenever unauthorized appropriation or use of consumer data occurs is the possible violation of the consumers’ privacy that the access may represent. In numerous cases, aggrieved parties have tried to assert claims for these alleged privacy violations, but by and large these attempts have not been successful. However, as … Continue Reading

Guest Post: Cybersecurity Enforcement: The FTC Is Out There

Along with the disruption and the reputational damage, a company experiencing a data breach can also find itself attracting the unwanted attention of regulators. Among the federal regulators that has proven to be active in data breach arena has been the Federal Trade Commission. In the following guest post, Robert Carangelo, Eric Hochstadt, and Gaspard Curioni of … Continue Reading

Guest Post: Is Employee Awareness and Training the Holy Grail of Cybersecurity?

In the current environment, most organizations are aware of the potential threats to their firms from a breach of their data systems and networks. Among the ways companies can protect themselves from these types of threats is through improved employee awareness and training. In the following guest post, Paul Ferrillo and Randi Singer of the … Continue Reading
LexBlog