The coronavirus pandemic poses a host of threats and challenges for every organization. The outbreak also presents a number of serious challenges for boards of directors as well. In the following guest post, Paul Ferrillo, a partner in the McDermott, Will & Emery law firm, considers the challenges that boards are facing and the litigation threats that may arise as a result. I would like to thank Paul for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading

One of the most watched and commented on corporate and securities litigation trends over the last several years has been the rise of management liability related lawsuits arising from cybersecurity-related incidents. While there has never been the volume of cases that some commentators expected, there have been a number of cases filed. The latest of these lawsuits is the securities class action lawsuit filed this week against FedEx, in which the plaintiff shareholder alleges the company did not fully disclose the extent of the disruption at its European operation after it was hit with the NotPetya malware virus in June 2017. A number of the allegations in the new FedEx complaint are similar to those raised in prior cybersecurity-related securities suit, suggesting some of the factors that might lead to this type of cybersecurity follow-on lawsuit. A copy of the complaint, filed in the Southern District of New York on June 26, 2019, can be found here.
Continue Reading

Karen Boto

In the following guest post, Karen Boto, Legal Director at the Clyde & Co. law firm, takes a look at the unusual circumstances that have recently come to light in connection with the cryptocurrency trading platform Quadriga, as well as the insurance issues that the circumstances might involve. I would like to thank Karen for allowing me to publish her guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Karen’s article.
Continue Reading

The outrage that followed Uber’s revelation that hackers had accessed 57 million passenger and drive records was not about the breach itself. It was about the accompanying disclosure that the company had kept the news of the data breach secret after paying the hackers a ransom. The outrage at these disclosures was not lost on lawmakers in Washington. A measure was recently introduced in Congress that would impose new criminal penalties on anyone convicted of “intentionally and willfully” concealing a data breach, including fines and up to five years imprisonment, or both. This proposed provision is only one of several measure intended to ensure that companies quickly notify affected persons that a data breach has occurred.
Continue Reading

There has been a steady drumbeat of news about high profile data breaches in the past several days, including the news about the Equifax data breach and the disclosure of the breach at the SEC. In the following guest post, John Reed Stark takes a look at these data breaches and their implications. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. I would like to thank John for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.
Continue Reading

John Stark Reed

Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look that problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.

I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
Continue Reading

SEC logoCybersecurity has been and remains one of the hot topics in corporate governance. Several federal regulatory agencies, including the SEC, have made it clear that cybersecurity is a high priority item and at the top of their agenda. The SEC’s particular cybersecurity focus has been on consumer privacy and on corporate disclosure. But though the SEC has made cybersecurity issues, including disclosure, a top priority, it appears to be the case that very few public companies are actually disclosing cybersecurity and data breach incidents in their SEC filings. The current disclosure practices could be a concern for investors – and for D&O underwriters.
Continue Reading

Odonnell, Stephen - Chicago - 300 DPI
Stephen O’Donnell

Cyber liability insurance is a relatively new product and many of the terms and conditions found in cyber-liability policies are as yet untested in the courts. In this guest post, Stephen O’Donnell of the Steptoe & Johnson law firm takes a look at two particular standard features of the cyber liability insurance policies, the retroactive date and policy inception date exclusions, and the potential for these exclusions to preclude coverage for the very kind of exposures that are the reasons most purchasers buy the insurance.

I would like to thank Stephen for his willingness to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Stephen’s guest post.


Continue Reading

Stark Photo
John Reed Stark

There have been several very high profile news reports of significant law firm data breaches. It is not a mere coincidence that law firms increasingly are targeted in data breach attacks. Law firms have a trove of information that makes them highly attractive to cybercriminals. In the following guest post, John Reed Stark takes a look at the reasons for the rise in the number of cyber attacks as well as the steps that law firms can take to try to defend themselves and their clients. John is the President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on CybersecurityDocket.com. I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading

weilIn the following guest post, Paul Ferrillo of the Weil Gotshal law firm and Christophe Veltsos, CISSP, CISA, and CIPP, and an Associate Professor at Minnesota State University, Mankato, take a look at a recent NASDAQ survey of corporate officials in multiple countries on the topic of cybersecurity accountability. As Paul and Christophe detail, there is reason to be concerned about the apparent lack of cybersecurity literacy, awareness and risk assessments among corporate officials surveyed. The authors also take a look at the steps companies can take to address these concerns.

I would like to thank Paul and Christophe for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul and Chrisophe’s guest post.
Continue Reading