In my recent annual round-up of the top stories in the world of D&O liability, I noted that among the key D&O issues is the possibility of claims against corporate directors and officers arising out of cybersecurity incidents. One of the more interesting cybersecurity-related D&O claims in recent years is the securities class action lawsuit a plaintiff shareholder filed against FedEx in connection with the company’s disclosures concerning the “NotPetya” virus cyberattack on its European operations. What made the lawsuit interesting is that it involved not the company’s disclosures at the time of the cyber incident but rather concerned the company’s subsequent statements about the company’s recovery from the attack and the attack’s longer-term impact on its finances, operations, and business strategy. In a February 4, 2021 opinion (here), Southern District of New York Judge Ronnie Abrams granted the defendants’ motion to dismiss the FedEx NotPetya securities lawsuit, with prejudice. As I discuss below, the opinion has some interesting lessons on the importance of precautionary disclosure.
Continue Reading FedEx “NotPetya” Cyberattack Securities Suit Dismissed