Cyber Liability

Subscribe to Cyber Liability via RSS
John Reed Stark

The news of the recent massive data breach at Capital One made the front pages of the business sections of newspapers across the country. The hack has drawn attention not just because of the magnitude of the hack, but also because the hackers apparently managed to steal data from The Cloud. The Capital Data breach represents a “wake-up call” for boards of directors, according to the following guest post from John Reed Stark. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on Securities Docket. My thanks to John for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: What the Capital One Hack Means for Board of Directors

Paul Ferrillo
Christophe Veltsos

In the following guest post, Paul Ferrillo and Christophe Veltsos consider the implications of the recently announced bankruptcy of the corporate parent of a medical billing company following a high-profile date breach at the billing company. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. I would like to than Paul and Chris for their willingness to allow me to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul and Chris’s article.
Continue Reading Guest Post: Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive

In the following guest post, Paul Ferrillo and Chris Veltsos take a look at the latest consequences that companies are now facing following a data breach – a rating agency downgrade. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. I would like to thank Paul and Chris for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest article. Here is Paul and Chris’s article.
Continue Reading Guest Post: Rating Agency Downgrades Following Cyber Breaches — Are They the Canary in the D&O Coal Mine?

Paul Ferrillo
Christophe Veltsos

In the second part of a three part series, Paul Ferrillo and Christophe Veltsos explain how cyber risk assessments can provide value. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes.  The first article in their series can be found here. In a forthcoming third article, the authors will address the technical tools side of cyber assessment, as opposed to people/processes/governance. I would like to thank Paul and Chris for their willingness to allow me to publish their article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Paul and Chris’s article is set out below.
Continue Reading Guest Post: Cyber Risk Health Factors Case Study — Technology Alone Can’t Fix Security

Francis Kean

In the following guest post, Francis Kean, Executive Director FINEX Willis Towers Watson, take a look at an interesting and arguably surprising recent U.K. judicial decision in which a supermarket chain was held liable for the unauthorized Internet disclosure of its employees’ personal data. Francis has some interesting observations about the decision’s possible implications as well. A version of this article previously was published on the Willis Towers Watson Wire blog (here). I would like to thank Francis for allowing me to publish his article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Francis’s article:
Continue Reading Guest Post: Claims Against Directors for Failure to Insure Against Cyber Risk Are More Likely Now

Paul A. Ferrillo
Christophe Veltsos

The threats to data security are substantial. Every organization faces some level of cyber risk. So how do we get better at cybersecurity? That is the question that Paul Ferrillo and Christophe Veltsos ask in the following guest post. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. I would like to thank Paul and Chris for their willingness to allow me to publish their article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Paul and Chris’s article is set out below. Please be sure to also see the item at the end of the post about International Women’s Day.
Continue Reading Guest Post: The Missing Link of Cybersecurity — Time for a Cyber Risk Check-Up

Libby Benet

In the current environment, most people are aware that there are serious pitfalls and problems involved with data security and privacy. However, business leaders may not always be aware of their legal and ethical duties for securing employee, customer, and partner information. In the following guest post, Libby Benet, JD, CIPP US, Principal Benet Consulting, takes a look at these issues, as well as the important differences between information security and privacy. I would like to thank Libby for allowing me to publish her article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Libby’s article.
Continue Reading Guest Post: Information Security and Privacy – What Business Leaders Need To Know

Bill Boeck

In June 2017, the food company Mondelez International was one of the companies hit by the major global computer malware attack dubbed NotPetya. According to news reports, the malware caused damage to the company’s network servers and computers in excess of $100 million. Various sources have attributed the malware attack to the Russian military. Mondelez submitted its losses to its property insurer, which denied coverage in reliance on the policy’s war exclusion. Mondelez and its insurer are now in coverage litigation. In the following guest post, Bill Boeck takes a look at the litigation and its implications. Bill is currently Senior Vice President and Insurance and Claims Counsel with the Lockton Companies.  He is Lockton’s global leader for cyber claims and for the development of proprietary cyber wordings and endorsements.  Bill also leads Lockton’s US financial lines claims practice. A version of this article previously was published on the Lockton Cyber Risk Update Blog. I would like to thank Bill for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Bill’s article.
Continue Reading Guest Post: War Exclusions and Cyber Attacks

Cybersecurity threats are on the rise. Companies that find themselves hit with data breaches face a number of challenges, including in particular the challenge of responding to strict breach disclosure and notification requirements. In the following guest post, Paul A. Ferrillo, a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice, takes a look at the steps the companies can take before they are breached to be better positioned to respond to the notification requirements in the event of a breach. I would like to thank Paul for allowing me to publish his article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: Beat the Clock: 5 Important Steps to Deal with Today’s Complicated Cyber Breach Disclosure World

John Reed Stark

As cybersecurity has become an increasingly important consideration for all corporate operations, one of the most pernicious problems has been the rise of so-called “ransomware” attacks – that is, systems breaches in which hackers take control of corporate networks and demand ransom payments as a condition of unlocking the systems. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at the ransomware phenomenon, how companies are responding, and why. A version of this article previously was published on Securities Docket. I would like to thank John for allowing me to publish his article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Ransomeware’s Dirty Little Secret: Most Corporate Victims Pay