For any organization experiencing a data breach, the organization’s response to the incident remains one of the most important and yet one of the most challenging next steps. In the following guest post, Paul Ferrillo, a partner in the New York office of the Greenberg Traurig law firm, examines the ways that an organization can respond well to a cyber incident. I would like to thank Paul for his willingness to allow me to publish his article as a guest post on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: The Speed of Breaches and Other Bad News in Cybersecurity Incident Response
cyber exposure
Guest Post: Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm Executive Committees
There have been several very high profile news reports of significant law firm data breaches. It is not a mere coincidence that law firms increasingly are targeted in data breach attacks. Law firms have a trove of information that makes them highly attractive to cybercriminals. In the following guest post, John Reed Stark takes a look at the reasons for the rise in the number of cyber attacks as well as the steps that law firms can take to try to defend themselves and their clients. John is the President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on CybersecurityDocket.com. I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm Executive Committees
Guest Post: Preparing for a Cyber Caremark Lawsuit: Lessons from the Home Depot Derivative Complaint
As I noted in a September 9, 2015 post (here), a Home Depot shareholder has filed a data breach-related derivative lawsuit against certain of the company’s directors and officers, in which the plaintiff contends that the defendants breached their fiduciary duties by failing to ensure that customer credit card information was secure and protected. A copy of the complaint can be found here.
In the following guest post, John E. Clabby and Joseph W. Swanson of the Carlton Fields Jorden Burt law firm take a look at the Home Depot data breach D&O lawsuit and provide their views on what the lawsuit may foreshadow for future D&O litigation. Jack and Joe also review what they think are the lessons for corporate boards and managers from the lawsuit’s allegations, as well as the implications of the lawsuit for companies that experience a data breach in the future.
I would like to thank Jack and Joe for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Please contact me directly if you would like to submit a guest post. Here is Jack and Joe’s guest post.
********************************************
Ending months of speculation, a shareholder has finally filed a derivative lawsuit against the directors and management of The Home Depot, Inc., in connection with the massive data breach the company suffered in 2014. The complaint, which alleges breach of fiduciary duty and corporate waste, fits the emerging template of shareholder derivative lawsuits after breaches at public companies. As such, it is worth a closer analysis for those whose jobs include protection of public companies and their boards from and during data breaches, both directly through more robust cybersecurity measures and indirectly through director and officer insurance and cyber-risk policies.
Continue Reading Guest Post: Preparing for a Cyber Caremark Lawsuit: Lessons from the Home Depot Derivative Complaint
That Time the Entire Cyber Security Exposure Narrative Changed
The hack attack on Sony Pictures Entertainment was massive, and it had a devastating effect on the company. As detailed in the December 30, 2014 Wall Street Journal article entitled “Behind the Scenes at Sony as Hacking Crisis Unfolded,” (here), the hackers who attacked Sony’s systems didn’t just pilfer the company’s data — …
Quick Hits: Cyber Breach Inevitability, Insider Trading Law, and Accountant Liability
Over the past several days there have been a number of items that will be of interest to readers of this blog, which I note briefly here.
First, an article in the December 20, 2014 Wall Street Journal entitled “Sony Made It Easy, But Any of Us Could Get Hacked” (here), contends that …
Guest Post: Cyber Security: The Importance of a Battle-Tested Incident Response Plan
With all of the high profile data breaches that have taken place in recent months, cyber security is a critical topic at the top of just about everyone’s agenda. In the following guest post, Paul A. Ferrillo of the Weil Gotshal law firm takes a look at the best approach to the cyber security challenge …
Target Directors and Officers Hit with Derivative Suits Based on Data Breach
I have frequently noted that among the many exposures a company experiencing a data breach could encounter is the possibility of a shareholder suit alleging that the company’s board breached their fiduciary duties by failing to take sufficient steps to protect the company from a breach and its consequences. This possibility has now been …
A Critical Question Directors Should Be Asking Company Management About Cyber Risk
Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article, cyber attacks –ranging from malicious software to denial of service attacks – increased 42% in 2012. The trend has only accelerated in 2013. As the possibility and potential scope of…