Paul Ferrillo
Chris Veltsos

As this blog’s readers know, there have been a number of management liability claims that have been raised against companies that have experienced cybersecurity incidents. In the following guest post by Paul Ferrillo and Chris Veltsos, the authors argue that cyber risk is in fact D&O risk and that the risk is growing. The authors also suggest a 10-step plan to grapple with the risk. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. My thanks to thank Paul and Chris for allowing me to publish this article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul and Chris’s article.
Continue Reading Guest Post: Time to Face the Music – Cyber Risk is D&O Risk – And Things Are Getting Worse!

The EU’s General Data Protection Regulation went into effect with great fanfare in May 2018, along with great trepidation about the potential fines regulators might impose for violation of the regulation’s requirements. In the following months, regulators imposed relatively few fines, for relatively modest amounts. However, just in the last several days, the U.K. privacy regulator has announced the potential imposition of two massive GDPR fines, underscoring the regulation’s potential huge impact. The newly announced fines, involving British Airways and Marriott International, have a number of serious implications for other companies, for the future of GDPR enforcement, and for the significance of privacy issues generally as an area of corporate risk.
Continue Reading Massive GDPR Fines Have Serious Implications for Corporate Risk

It is not news that the choices CEOs make can significantly impact the companies they lead. But at least according to a recent academic study, CEOs’ ability to affect their companies is not limited just to the decisions they make in their corporate posts, but also includes decisions they make in their personal lives. According to