I have frequently noted that among the many exposures a company experiencing a data breach could encounter is the possibility of a shareholder suit alleging that the company’s board breached their fiduciary duties by failing to take sufficient steps to protect the company from a breach and its consequences. This possibility has now been
The Target Cyber Breach and Cyber Disclosure Practices
In a front-page, above-the-fold article on Saturday, January 18, 2014 — that is, more than a month after Target first learned from the Secret Service that the company had been the subject of a massive cyber security hack – the New York Times reported that the company was vulnerable to the cyber attack because its
Cybersecurity Disclosure Under Scrutiny
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices
Assessing U.S. Public Company Cyber Risk Disclosure Practices
It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure
A Critical Question Directors Should Be Asking Company Management About Cyber Risk
Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article, cyber attacks –ranging from malicious software to denial of service attacks – increased 42% in 2012. The trend has only accelerated in 2013. As the possibility and potential scope of
Cyber Breach Disclosures and the Impact on Companies’ Share Prices
The possibility of securities litigation following the disclosure of a cyber security breach has been a topic of significant recent attention, including on this site. There already have been securities class action lawsuits filed following significant cyber breaches, at least in some cases. More recently, however, the stock prices of several major companies
Smaller Companies Should Consider Cyber-Liability Insurance
Smaller companies increasingly are the subject of data breaches and those smaller companies “are the number-one target of cyber-espionage attackers,” according to a recent study detailed in a April 24, 2013 CFO.com article entitled “Should You Consider Cyber Insurance?” (here). Smaller companies increasingly are the subject of cyber attacks due to “inadequate security
Will Cybersecurity Issues Drive the Next Big Securities Litigation Wave?
I am sure many readers were disturbed as I was by the February 19, 2013 New York Times article reporting that a Chinese army unit apparently has been executing a concentrated cyber-hacking program targeting U.S. companies and critical U.S. infrastructure. (The report of consulting firm Mandiant that was the basis of the Times article can be
Guest Post: Cyber Risks: New Focus for Directors
I recently had a meeting with the board of a publicly traded company. Among the topics I knew that I would be asked to address at the board meeting is the growing risk of cyber liability. In my preparation for the board meeting, I came across a recent article by D&O maven Dan Bailey, a partner in
Employer Social Media Policies, Cyber Security and Other Web Notes
As the various forms of social media have become increasingly pervasive, employers have struggled with appropriate responses to employees’ use of the social media sites. One question in particular that has arisen is the extent to which employers can seek to regulate and even discipline employees’ use of social media to comment on the employer