The D&O Diary

The D&O Diary

A PERIODIC JOURNAL CONTAINING ITEMS OF INTEREST FROM THE WORLD OF DIRECTORS & OFFICERS LIABILITY, WITH OCCASIONAL COMMENTARY

Category Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

Up Next: Cyber Insurance Requirements for Banks?

Posted in Cyber Liability
As I noted in a post last week, in a speech earlier this month in which she outlined the steps bank boards can take to address cybersecurity issues, Sarah Raskin, the second-ranking official at the U.S. Department of Treasury, laid out the reasons why banking institutions should be investing in cyber insurance. This speech is … Continue Reading

Top Treasury Official’s Speech Urges Adoption of Cyber Risk Insurance

Posted in Cyber Liability
Officials across a range of federal regulatory agencies have made it clear that promoting cyber security is an increasing priority. A critical part of the federal officials’ message has been the message that cyber security should be a corporate governance priority for company executives and corporate boards. For example, in a June 2014 speech, SEC … Continue Reading

Guest Post: Cyber Security Indeed: Derivative Action Dismissed Where Board Proactively Addressed Cyber Risks and Exposures

Posted in Cyber Liability
The derivative lawsuit filed against the board of Wyndham Worldwide Corporation in connection with the series of cyber breaches the company had experienced was being closely watched as possibly representative of a potential new area liability exposure for corporate directors and officers. However, as I discussed in a prior post (here), on October 20, 2014, … Continue Reading

Dismissal Granted in Cyber Breach-Related Derivative Suit Filed Against Wyndham Officials

Posted in Cyber Liability
 Along with the separate derivative lawsuit filed against Target Corporation’s board, the cyber breach-related derivate action filed against Wyndham Worldwide Corporation’s board has been closely watched as representative of a potential new area  liability exposure for corporate directors and officers.  However, in an October 20, 2014 opinion, District of New Jersey Judge Stanley Chesler, applying … Continue Reading

Guest Post: Cyber Security and Cyber Governance: Federal Regulation and Oversight – Today and Tomorrow

Posted in Cyber Liability
It seems that every day there is yet another story in the business pages about a significant data breach at a major company. Cybersecurity is an increasingly important topic for companies and their shareholders, and the problems with cybersecurity are an increasing concern in Washington as well. In the following guest post Paul A. Ferrillo … Continue Reading

Guest Post: The Cloud, Cyber Security and Cloud Cyber Governance: What Every Director Needs to Know

Posted in Cyber Liability
As I have noted frequently on this blog (most recently here), it is becoming increasingly clear that cybersecurity is viewed as a board level issue. At the same time that many boards have taken up the concerns surrounding cybersecurity issues, their companies increasingly are becoming dependent on cloud computing – which potentially could make their … Continue Reading

Guest Post: Mergers, Acquisitions, and Data Privacy: The FTC is Watching

Posted in Cyber Liability
The question of the privacy rights of consumers is an increasingly important topic. In the following guest post, Bill Boeck, Senior Vice President. Insurance & Claims Counsel for Lockton Financial Services, takes a look at recent actions the Federal Trade Commission has taken to protect consumers’ privacy rights and to enforce companies’ privacy policies.   … Continue Reading

More About Stories We’re Following

Posted in Cyber Liability, Director and Officer Liability
Cybersecurity as a D&O Liability Issue: I have noted in prior posts on this site (refer for example here) that cybersecurity represents, among other things, a D&O liability exposure. The recent lawsuits filed against Target (refer here) and Wyndham Worldwide (refer here) underscore this point. In addition, at least according to a July 7, 2014 Bloomberg … Continue Reading

SEC Commissioner Aguilar Addresses Cybersecurity Oversight Responsibilities of Corporate Boards

Posted in Cyber Liability
In a June 10, 2014 speech entitled “Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus” delivered at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar highlighted the critical importance of the involvement of boards of directors in cybersecurity oversight. In his speech, Aguilar stressed that “ensuring the adequacy of a company’s … Continue Reading

Guest Post: Cyber Security, Cyber Governance, and Cyber Insurance: What Every Public Company Director Needs to Know

Posted in Cyber Liability
  As I have frequently noted on this site (refer, for example, here), cyber security issues increasingly are a board level concern, and indeed, recent shareholder litigation has shown that investors intend to hold board members accountable when data breaches cause problems for their companies.  In the following guest article, which was previously published as a … Continue Reading

Thinking About the Chinese Military Officials’ Hacking Indictment and Data Breach Disclosure Issues

Posted in Cyber Liability
Cybersecurity has been a hot button issue for quite a while, but the U.S. Department of Justice ratcheted things up last week when it announced the indictment of five Chinese military officers for hacking into U.S. companies’ computers to steal trade secrets and other sensitive business information. U.S. prosecutors clearly believe the intrusions were serious … Continue Reading

Wyndham Worldwide Board Hit with Cyber Breach-Related Derivative Lawsuit

Posted in Cyber Liability, Director and Officer Liability
 In what is the latest example of the potential cybersecurity-related liability of corporate boards, a shareholder for Wyndham Worldwide Corporation has initiated a derivative lawsuit against certain directors and officers of the company, as well as against the company itself as nominal defendant, related to the three data breaches the company the company and its … Continue Reading

District Court Upholds FTC’s Authority to Bring Data Breach Enforcement Action

Posted in Cyber Liability
It is a dangerous world out there. Among many other things, companies and other organizations are increasingly vulnerable to data security attacks from would-be hackers. Indeed, an April 8, 2014 New York Times article entitled “Hackers Lurking in Vents and Soda Machines” (here) notes that “companies scrambling to seal up their systems from hackers and … Continue Reading

What Are the Bad Guys Up to Now? Hacking Health-Care Records, Apparently

Posted in Cyber Liability, Health Care Organizations
As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a February 18, 2014 Wall Street Journal report entitled “Nursing Homes Are Exposed to … Continue Reading

Target Directors and Officers Hit with Derivative Suits Based on Data Breach

Posted in Cyber Liability, Director and Officer Liability
  I have frequently noted that among the many exposures a company experiencing a data breach could encounter is the possibility of a shareholder suit alleging that the company’s board breached their fiduciary duties by failing to take sufficient steps to protect the company from a breach and its consequences. This possibility has now been … Continue Reading

Cybersecurity Disclosure Under Scrutiny

Posted in Cyber Liability
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices … Continue Reading

Assessing U.S. Public Company Cyber Risk Disclosure Practices

Posted in Cyber Liability
It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure … Continue Reading

A Critical Question Directors Should Be Asking Company Management About Cyber Risk

Posted in Cyber Liability
Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article, cyber attacks –ranging from malicious software to denial of service attacks – increased 42% in 2012. The trend has only accelerated in 2013. As the possibility and potential scope of these … Continue Reading

Cyber Breach Disclosures and the Impact on Companies’ Share Prices

Posted in Cyber Liability
The possibility of securities litigation following the disclosure of  a cyber security breach has been a topic of significant recent attention, including on this site. There already have been securities class action lawsuits filed following significant cyber breaches, at least in some cases. More recently, however, the stock prices of several major companies that recently … Continue Reading

Smaller Companies Should Consider Cyber-Liability Insurance

Posted in Cyber Liability
Smaller companies increasingly are the subject of data breaches  and those smaller companies “are the number-one target of cyber-espionage attackers,” according to a recent study detailed in a April 24, 2013 CFO.com article entitled “Should You Consider Cyber Insurance?” (here). Smaller companies increasingly are the subject of cyber attacks due to “inadequate security infrastructure for … Continue Reading

Will Cybersecurity Issues Drive the Next Big Securities Litigation Wave?

Posted in Cyber Liability, Securities Litigation
I am sure many readers were disturbed as I was by the February 19, 2013 New York Times article reporting that a Chinese army unit apparently has been executing a concentrated cyber-hacking program targeting U.S. companies and critical U.S. infrastructure. (The report of consulting firm Mandiant that was the basis of the Times article can be … Continue Reading