The D&O Diary

The D&O Diary

A PERIODIC JOURNAL CONTAINING ITEMS OF INTEREST FROM THE WORLD OF DIRECTORS & OFFICERS LIABILITY, WITH OCCASIONAL COMMENTARY

Tag Archives: cyber liability

More About Stories We’re Following

Posted in Cyber Liability, Director and Officer Liability
Cybersecurity as a D&O Liability Issue: I have noted in prior posts on this site (refer for example here) that cybersecurity represents, among other things, a D&O liability exposure. The recent lawsuits filed against Target (refer here) and Wyndham Worldwide (refer here) underscore this point. In addition, at least according to a July 7, 2014 Bloomberg … Continue Reading

SEC Commissioner Aguilar Addresses Cybersecurity Oversight Responsibilities of Corporate Boards

Posted in Cyber Liability
In a June 10, 2014 speech entitled “Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus” delivered at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar highlighted the critical importance of the involvement of boards of directors in cybersecurity oversight. In his speech, Aguilar stressed that “ensuring the adequacy of a company’s … Continue Reading

Guest Post: Cyber Security, Cyber Governance, and Cyber Insurance: What Every Public Company Director Needs to Know

Posted in Cyber Liability
  As I have frequently noted on this site (refer, for example, here), cyber security issues increasingly are a board level concern, and indeed, recent shareholder litigation has shown that investors intend to hold board members accountable when data breaches cause problems for their companies.  In the following guest article, which was previously published as a … Continue Reading

Wyndham Worldwide Board Hit with Cyber Breach-Related Derivative Lawsuit

Posted in Cyber Liability, Director and Officer Liability
 In what is the latest example of the potential cybersecurity-related liability of corporate boards, a shareholder for Wyndham Worldwide Corporation has initiated a derivative lawsuit against certain directors and officers of the company, as well as against the company itself as nominal defendant, related to the three data breaches the company the company and its … Continue Reading

District Court Upholds FTC’s Authority to Bring Data Breach Enforcement Action

Posted in Cyber Liability
It is a dangerous world out there. Among many other things, companies and other organizations are increasingly vulnerable to data security attacks from would-be hackers. Indeed, an April 8, 2014 New York Times article entitled “Hackers Lurking in Vents and Soda Machines” (here) notes that “companies scrambling to seal up their systems from hackers and … Continue Reading

What Are the Bad Guys Up to Now? Hacking Health-Care Records, Apparently

Posted in Cyber Liability, Health Care Organizations
As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a February 18, 2014 Wall Street Journal report entitled “Nursing Homes Are Exposed to … Continue Reading

Target Directors and Officers Hit with Derivative Suits Based on Data Breach

Posted in Cyber Liability, Director and Officer Liability
  I have frequently noted that among the many exposures a company experiencing a data breach could encounter is the possibility of a shareholder suit alleging that the company’s board breached their fiduciary duties by failing to take sufficient steps to protect the company from a breach and its consequences. This possibility has now been … Continue Reading

Cybersecurity Disclosure Under Scrutiny

Posted in Cyber Liability
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices … Continue Reading

Assessing U.S. Public Company Cyber Risk Disclosure Practices

Posted in Cyber Liability
It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure … Continue Reading

A Critical Question Directors Should Be Asking Company Management About Cyber Risk

Posted in Cyber Liability
Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article, cyber attacks –ranging from malicious software to denial of service attacks – increased 42% in 2012. The trend has only accelerated in 2013. As the possibility and potential scope of these … Continue Reading

Cyber Breach Disclosures and the Impact on Companies’ Share Prices

Posted in Cyber Liability
The possibility of securities litigation following the disclosure of  a cyber security breach has been a topic of significant recent attention, including on this site. There already have been securities class action lawsuits filed following significant cyber breaches, at least in some cases. More recently, however, the stock prices of several major companies that recently … Continue Reading

Smaller Companies Should Consider Cyber-Liability Insurance

Posted in Cyber Liability
Smaller companies increasingly are the subject of data breaches  and those smaller companies “are the number-one target of cyber-espionage attackers,” according to a recent study detailed in a April 24, 2013 CFO.com article entitled “Should You Consider Cyber Insurance?” (here). Smaller companies increasingly are the subject of cyber attacks due to “inadequate security infrastructure for … Continue Reading

Will Cybersecurity Issues Drive the Next Big Securities Litigation Wave?

Posted in Cyber Liability, Securities Litigation
I am sure many readers were disturbed as I was by the February 19, 2013 New York Times article reporting that a Chinese army unit apparently has been executing a concentrated cyber-hacking program targeting U.S. companies and critical U.S. infrastructure. (The report of consulting firm Mandiant that was the basis of the Times article can be … Continue Reading

Employer Social Media Policies, Cyber Security and Other Web Notes

Posted in Corporate Governance
As the various forms of social media have become increasingly pervasive, employers have struggled with appropriate responses to employees’ use of the social media sites. One question in particular that has arisen is the extent to which employers can seek to regulate and even discipline employees’ use of social media to comment on the employer … Continue Reading

Guest Post: Cyber Security and Data Breaches — Why Directors and Officers Should Be Concerned

Posted in D & O Insurance
I am pleased to publish below an article by my good friend Richard J. Bortnick (pictured left) concerning the directors’ and officers’ liability issues related to cyber security and data breaches. Rick is a Member of the Cozen O’Connor law firm and he is also the co-author of the CyberInquirer blog. This article first appeared … Continue Reading