In a June 10, 2014 speech entitled “Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus” delivered at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar highlighted the critical importance of the involvement of boards of directors in cybersecurity oversight. In his speech, Aguilar stressed that “ensuring the adequacy of a company’s
Guest Post: Cyber Security, Cyber Governance, and Cyber Insurance: What Every Public Company Director Needs to Know
As I have frequently noted on this site (refer, for example, here), cyber security issues increasingly are a board level concern, and indeed, recent shareholder litigation has shown that investors intend to hold board members accountable when data breaches cause problems for their companies. In the following guest article, which was previously published
Thinking About the Chinese Military Officials’ Hacking Indictment and Data Breach Disclosure Issues
Cybersecurity has been a hot button issue for quite a while, but the U.S. Department of Justice ratcheted things up last week when it announced the indictment of five Chinese military officers for hacking into U.S. companies’ computers to steal trade secrets and other sensitive business information. U.S. prosecutors clearly believe the intrusions were serious
Wyndham Worldwide Board Hit with Cyber Breach-Related Derivative Lawsuit
In what is the latest example of the potential cybersecurity-related liability of corporate boards, a shareholder for Wyndham Worldwide Corporation has initiated a derivative lawsuit against certain directors and officers of the company, as well as against the company itself as nominal defendant, related to the three data breaches the company the company and its
District Court Upholds FTC’s Authority to Bring Data Breach Enforcement Action
It is a dangerous world out there. Among many other things, companies and other organizations are increasingly vulnerable to data security attacks from would-be hackers. Indeed, an April 8, 2014 New York Times article entitled “Hackers Lurking in Vents and Soda Machines” (here) notes that “companies scrambling to seal up their systems from
What Are the Bad Guys Up to Now? Hacking Health-Care Records, Apparently
As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a February 18, 2014 Wall Street Journal report entitled “Nursing Homes Are Exposed to
Target Directors and Officers Hit with Derivative Suits Based on Data Breach
I have frequently noted that among the many exposures a company experiencing a data breach could encounter is the possibility of a shareholder suit alleging that the company’s board breached their fiduciary duties by failing to take sufficient steps to protect the company from a breach and its consequences. This possibility has now been
The Target Cyber Breach and Cyber Disclosure Practices
In a front-page, above-the-fold article on Saturday, January 18, 2014 — that is, more than a month after Target first learned from the Secret Service that the company had been the subject of a massive cyber security hack – the New York Times reported that the company was vulnerable to the cyber attack because its
Cybersecurity Disclosure Under Scrutiny
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices
Assessing U.S. Public Company Cyber Risk Disclosure Practices
It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure