Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

Guest Post: Cyber Risk Health Factors Case Study — Technology Alone Can’t Fix Security

In the second part of a three part series, Paul Ferrillo and Christophe Veltsos explain how cyber risk assessments can provide value. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where … Continue Reading

Guest Post: Claims Against Directors for Failure to Insure Against Cyber Risk Are More Likely Now

In the following guest post, Francis Kean, Executive Director FINEX Willis Towers Watson, take a look at an interesting and arguably surprising recent U.K. judicial decision in which a supermarket chain was held liable for the unauthorized Internet disclosure of its employees’ personal data. Francis has some interesting observations about the decision’s possible implications as … Continue Reading

Guest Post: The Missing Link of Cybersecurity — Time for a Cyber Risk Check-Up

The threats to data security are substantial. Every organization faces some level of cyber risk. So how do we get better at cybersecurity? That is the question that Paul Ferrillo and Christophe Veltsos ask in the following guest post. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. … Continue Reading

Guest Post: Information Security and Privacy – What Business Leaders Need To Know

In the current environment, most people are aware that there are serious pitfalls and problems involved with data security and privacy. However, business leaders may not always be aware of their legal and ethical duties for securing employee, customer, and partner information. In the following guest post, Libby Benet, JD, CIPP US, Principal Benet Consulting, … Continue Reading

Guest Post: War Exclusions and Cyber Attacks

In June 2017, the food company Mondelez International was one of the companies hit by the major global computer malware attack dubbed NotPetya. According to news reports, the malware caused damage to the company’s network servers and computers in excess of $100 million. Various sources have attributed the malware attack to the Russian military. Mondelez … Continue Reading

Guest Post: Beat the Clock: 5 Important Steps to Deal with Today’s Complicated Cyber Breach Disclosure World

Cybersecurity threats are on the rise. Companies that find themselves hit with data breaches face a number of challenges, including in particular the challenge of responding to strict breach disclosure and notification requirements. In the following guest post, Paul A. Ferrillo, a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice, … Continue Reading

Guest Post: Ransomeware’s Dirty Little Secret: Most Corporate Victims Pay

As cybersecurity has become an increasingly important consideration for all corporate operations, one of the most pernicious problems has been the rise of so-called “ransomware” attacks – that is, systems breaches in which hackers take control of corporate networks and demand ransom payments as a condition of unlocking the systems. In the following guest post, … Continue Reading

Yahoo Data Breach-Related Derivative Suit Settled for $29 Million

In recent years, plaintiffs’ lawyers have filed a number of management liability lawsuits against the executives of companies that have experienced high-profile data breaches. These lawsuits have either been filed as shareholder derivative lawsuits or securities class action lawsuits. By and large, the cases filed as shareholder derivative lawsuits have been unsuccessful. However, in a … Continue Reading

Are GDPR Fines and Penalties Insurable?

When the European Union’s updated General Data Protection Regulation (GDPR) went into effect on May 25, 2018, media reports focused on the potentially massive fines that the regulation authorizes – the regulation authorizes fines of up to €20 million or 4 percent of a company’s annual worldwide revenue, whichever is higher, for noncompliance with the … Continue Reading

Cybersecurity Disclosure Practices and Standards

In February 2018, the SEC updated its cybersecurity disclosure guidelines for reporting companies, emphasizing the importance to investors and markets for prompt and robust disclosure relating to cyber issues. Indeed, in April, the agency brought its first enforcement action relating to cybersecurity enforcement issues. In its recent annual report, the agency’s enforcement division emphasized that … Continue Reading

SEC Warns of Need for Internal Controls to Prevent Cyberscams

The threat of cyberscams in the form of what has been called “social engineering fraud” or “payment instruction fraud” has become pervasive. In these swindles, imposters posing as senior corporate executives or company vendors direct company personnel to transfer funds to accounts that the imposters control. Losses from these frauds can be substantial, and, as … Continue Reading

Guest Post: The Speed of Breaches and Other Bad News in Cybersecurity Incident Response

 For any organization experiencing a data breach, the organization’s response to the incident remains one of the most important and yet one of the most challenging next steps. In the following guest post, Paul Ferrillo, a partner in the New York office of the Greenberg Traurig law firm, examines the ways that an organization can … Continue Reading

6th Circ.: Crime Policy’s Computer Fraud Section Covers Email Scheme Losses

In the second policyholder-favorable federal appellate court decision on the issue in a matter of days, the Sixth Circuit has held that the Computer Fraud provisions of a commercial crime policy cover a company’s losses from an email payment instruction fraud scheme. Just last week, the Second Circuit ruled in the Medidata case that Computer … Continue Reading

Guest Post: Why the Crypto-Enforcement Onslaught by U.S. Regulators Has Just Begun

One of the most significant recent developments in the financial world has been the sudden proliferation of cryptocurrencies. The quick rise of digital currencies seemingly caught regulators by surprise; regulatory action and involvement was slow to develop. But as John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office … Continue Reading

Guest Post: Ten Crypto-Caveats Floyd Mayweather and DJ Khaled Should Have Heard From Their Lawyers

Among the many problems that have come to light in the current cryptocurrency craze have been problems relating to celebrity endorsements for initial coin offerings (ICO). In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, reviews the highest profile examples … Continue Reading

A Multitude of Cryptocurrency Developments

 The astonishing bitcoin bubble may have burst over the last several days. From its intraday peak in December 2017 of $19,783, the price for bitcoin had fallen as of Saturday to $8,524, a decline of over 60%. (Price declines continued on Monday.) Bitcoin’s price has fallen before and it has generally proven to be volatile. … Continue Reading

Guest Post: Which ICOs are Next to Get Caught up in the SEC’s ICO Dragnet?

One of the most interesting and arresting business stories of 2017 has been the astonishing proliferation of initial coin offerings (ICOs), as I discussed in a prior post (here). Readers who have been watching this story develop undoubtedly are aware that things have been moving very quickly recently on the regulatory front with respect to … Continue Reading

Investors File Data Breach-Related Securities Suit Against PayPal

Commentators (including me) have long speculated about the possible future direction of data breach-related litigation. There have of course been a number of very high profile data breach-related consumer class action suits, but so far relatively few data breach related D&O lawsuits. Of course, more recently investors filed a securities class action lawsuit involving the high-profile … Continue Reading
LexBlog