Paul Ferrillo
Chris Veltsos

As this blog’s readers know, there have been a number of management liability claims that have been raised against companies that have experienced cybersecurity incidents. In the following guest post by Paul Ferrillo and Chris Veltsos, the authors argue that cyber risk is in fact D&O risk and that the risk is growing. The authors also suggest a 10-step plan to grapple with the risk. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. My thanks to thank Paul and Chris for allowing me to publish this article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul and Chris’s article.
Continue Reading Guest Post: Time to Face the Music – Cyber Risk is D&O Risk – And Things Are Getting Worse!

David M. Furbush
David M. Lisi

Cybersecurity issues are currently at the top of the agenda for corporate boards. In the following guest post, David M. Furbush and David M. Lisi of the Pillsbury law firm review what corporate directors should understand about their companies’ cybersecurity risks and how boards can go about proactively participating in decisions about what to do to mitigate these risks. I would like to thank David and David for their willingness to allow me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is David and David’s guest post.
Continue Reading Guest Post: What Corporate Directors Need to Know about Cybersecurity

Clabby_Jack (1)
John E. Clabby
Swanson_Joseph
Joseph W. Swanson

As I noted in a September 9, 2015 post (here), a Home Depot shareholder has filed a data breach-related derivative lawsuit against certain of the company’s directors and officers, in which the plaintiff contends that the defendants breached their fiduciary duties by failing to ensure that customer credit card information was secure and protected. A copy of the complaint can be found here.

In the following guest post, John E. Clabby and Joseph W. Swanson of the Carlton Fields Jorden Burt law firm take a look at the Home Depot data breach D&O lawsuit and provide their views on what the lawsuit may foreshadow for future D&O litigation. Jack and Joe also  review what they think are the lessons for corporate boards and managers from the lawsuit’s allegations, as well as the implications of the lawsuit for companies that experience a data breach in the future.

I would like to thank Jack and Joe for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Please contact me directly if you would like to submit a guest post. Here is Jack and Joe’s guest post.

********************************************

 

Ending months of speculation, a shareholder has finally filed a derivative lawsuit against the directors and management of The Home Depot, Inc., in connection with the massive data breach the company suffered in 2014. The complaint, which alleges breach of fiduciary duty and corporate waste, fits the emerging template of shareholder derivative lawsuits after breaches at public companies. As such, it is worth a closer analysis for those whose jobs include protection of public companies and their boards from and during data breaches, both directly through more robust cybersecurity measures and indirectly through director and officer insurance and cyber-risk policies.
Continue Reading Guest Post: Preparing for a Cyber Caremark Lawsuit: Lessons from the Home Depot Derivative Complaint