Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

Guest Post: War Exclusions and Cyber Attacks

In June 2017, the food company Mondelez International was one of the companies hit by the major global computer malware attack dubbed NotPetya. According to news reports, the malware caused damage to the company’s network servers and computers in excess of $100 million. Various sources have attributed the malware attack to the Russian military. Mondelez … Continue Reading

Guest Post: Beat the Clock: 5 Important Steps to Deal with Today’s Complicated Cyber Breach Disclosure World

Cybersecurity threats are on the rise. Companies that find themselves hit with data breaches face a number of challenges, including in particular the challenge of responding to strict breach disclosure and notification requirements. In the following guest post, Paul A. Ferrillo, a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice, … Continue Reading

Guest Post: Ransomeware’s Dirty Little Secret: Most Corporate Victims Pay

As cybersecurity has become an increasingly important consideration for all corporate operations, one of the most pernicious problems has been the rise of so-called “ransomware” attacks – that is, systems breaches in which hackers take control of corporate networks and demand ransom payments as a condition of unlocking the systems. In the following guest post, … Continue Reading

Yahoo Data Breach-Related Derivative Suit Settled for $29 Million

In recent years, plaintiffs’ lawyers have filed a number of management liability lawsuits against the executives of companies that have experienced high-profile data breaches. These lawsuits have either been filed as shareholder derivative lawsuits or securities class action lawsuits. By and large, the cases filed as shareholder derivative lawsuits have been unsuccessful. However, in a … Continue Reading

Are GDPR Fines and Penalties Insurable?

When the European Union’s updated General Data Protection Regulation (GDPR) went into effect on May 25, 2018, media reports focused on the potentially massive fines that the regulation authorizes – the regulation authorizes fines of up to €20 million or 4 percent of a company’s annual worldwide revenue, whichever is higher, for noncompliance with the … Continue Reading

Cybersecurity Disclosure Practices and Standards

In February 2018, the SEC updated its cybersecurity disclosure guidelines for reporting companies, emphasizing the importance to investors and markets for prompt and robust disclosure relating to cyber issues. Indeed, in April, the agency brought its first enforcement action relating to cybersecurity enforcement issues. In its recent annual report, the agency’s enforcement division emphasized that … Continue Reading

SEC Warns of Need for Internal Controls to Prevent Cyberscams

The threat of cyberscams in the form of what has been called “social engineering fraud” or “payment instruction fraud” has become pervasive. In these swindles, imposters posing as senior corporate executives or company vendors direct company personnel to transfer funds to accounts that the imposters control. Losses from these frauds can be substantial, and, as … Continue Reading

Guest Post: The Speed of Breaches and Other Bad News in Cybersecurity Incident Response

 For any organization experiencing a data breach, the organization’s response to the incident remains one of the most important and yet one of the most challenging next steps. In the following guest post, Paul Ferrillo, a partner in the New York office of the Greenberg Traurig law firm, examines the ways that an organization can … Continue Reading

6th Circ.: Crime Policy’s Computer Fraud Section Covers Email Scheme Losses

In the second policyholder-favorable federal appellate court decision on the issue in a matter of days, the Sixth Circuit has held that the Computer Fraud provisions of a commercial crime policy cover a company’s losses from an email payment instruction fraud scheme. Just last week, the Second Circuit ruled in the Medidata case that Computer … Continue Reading

Guest Post: Why the Crypto-Enforcement Onslaught by U.S. Regulators Has Just Begun

One of the most significant recent developments in the financial world has been the sudden proliferation of cryptocurrencies. The quick rise of digital currencies seemingly caught regulators by surprise; regulatory action and involvement was slow to develop. But as John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office … Continue Reading

Guest Post: Ten Crypto-Caveats Floyd Mayweather and DJ Khaled Should Have Heard From Their Lawyers

Among the many problems that have come to light in the current cryptocurrency craze have been problems relating to celebrity endorsements for initial coin offerings (ICO). In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, reviews the highest profile examples … Continue Reading

A Multitude of Cryptocurrency Developments

 The astonishing bitcoin bubble may have burst over the last several days. From its intraday peak in December 2017 of $19,783, the price for bitcoin had fallen as of Saturday to $8,524, a decline of over 60%. (Price declines continued on Monday.) Bitcoin’s price has fallen before and it has generally proven to be volatile. … Continue Reading

Guest Post: Which ICOs are Next to Get Caught up in the SEC’s ICO Dragnet?

One of the most interesting and arresting business stories of 2017 has been the astonishing proliferation of initial coin offerings (ICOs), as I discussed in a prior post (here). Readers who have been watching this story develop undoubtedly are aware that things have been moving very quickly recently on the regulatory front with respect to … Continue Reading

Investors File Data Breach-Related Securities Suit Against PayPal

Commentators (including me) have long speculated about the possible future direction of data breach-related litigation. There have of course been a number of very high profile data breach-related consumer class action suits, but so far relatively few data breach related D&O lawsuits. Of course, more recently investors filed a securities class action lawsuit involving the high-profile … Continue Reading

Guest Post: What Corporate Directors Need to Know about Cybersecurity

Cybersecurity issues are currently at the top of the agenda for corporate boards. In the following guest post, David M. Furbush and David M. Lisi of the Pillsbury law firm review what corporate directors should understand about their companies’ cybersecurity risks and how boards can go about proactively participating in decisions about what to do … Continue Reading

Cryptocurrencies and ICOs: Problems and Promise

Anyone who reads the business pages these days has to be aware that there has been a surge of interest and activity involving cryptocurrencies, and in particular involving initial coin offerings (“ICOs”). In third quarter 2017 alone, 105 ICOs raised over $1.3 billion. This level of activity has in turn attracted regulatory scrutiny and even … Continue Reading
LexBlog