In a recent post in which I discussed the cyber incident-related enforcement action the SEC brought against the software company SolarWinds, I noted that the defendants named in the action included the company’s Chief Information Security Officer(CISO), adding that the SEC’s naming of the CISO as an enforcement action defendants “is sure to send a shiver down the collective spines of the CISO community.” In the following guest post, Priya Cherian Huskins, Senior Vice President and Partner, Woodruff Sawyer, takes a detailed look at the agency’s action against the SolarWinds CISO, and considers the key liability and insurance implications. A version of this article previously published on Woodruff Sawyer’s D&O Notebook here. I would like to thank Priya for allowing me to publish her article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Priya’s article.Continue Reading Guest Post: CISO Liability in Focus: SEC Enforcement, Insurance, and [Personal] Risk Mitigation
In prior posts on this site (for example 
On March 9, 2022, the SEC finally released its long-anticipated updated cybersecurity disclosure requirements. The proposed rules, inclusive of specifications both for incident reporting and for risk management and governance disclosure, were adopted by a 3-1 vote and are now subject to a public reporting period. The new rules, which the Commission’s press release says are “designed to better inform investors about a registrant’s risk management, strategy, and governance and to provide timely notification of material cybersecurity incidents,” underscore the Commission’s emphasis on cybersecurity reporting and disclosure issues.
Among the companies with D&O litigation in recent years arising from sexual misconduct allegations was the clothing and consumer products company L Brands. The parties to the various legal proceedings arising out of the allegations have reached a settlement in which L Brands has agreed to adopt a number of management and governance measures; in order to fund these initiatives, the company has committed to funding of $90 million over the course of five years. As discussed below, the settlement has several interesting features. The parties’ July 30, 2021 stipulation of settlement can be found 
Having observed and commented on the D&O insurance industry for many years, I am accustomed to periodic proclamations from non-industry-based observers about how the D&O insurance industry ought to work, based on various social, behavioral, or economic notions. These periodic declarations usually start with a series of vexed observations that the D&O industry does or does not do things that economic or behavioral models suggest the industry should or should not do, and then the declarations move on to a series of proposed prescriptions that would mandate how the D&O insurance business ought to work, for the supposed greater good of all.
In the following guest post, Ulrike Binder, a corporate partner in Mayer Brown’s Frankfurt office, Jan Kraayvanger, a partner in Frankfurt office of Mayer Brown’s Litigation & Dispute Resolution practice, Burkhard Fassbach, Legal Counsel to Howden Germany, take a look at recent corporate governance and executive liability developments in Germany. A version of this article previously was published as a White Paper by Mayer Brown written in cooperation with Howden Germany. The original version also contains a chapter about D&O-Insurance in Germany authored by Marcel Armon, CEO Howden Germany, which can be found