cybersecurity

Subscribe to cybersecurity via RSS

The directors’ and officers’ liability environment is always changing, but 2025 was a particularly eventful year, with important consequences for the D&O insurance marketplace. The past year’s many developments also have significant implications for what may lie ahead in 2026 – and possibly for years to come.  I have set out below the Top Ten D&O Stories of 2025, with a focus on future implications. Please note that on Thursday, January 15, 2026 at 11:00 am EST, my colleagues Marissa Streckfus, Chris Bertola, and I will be conducting a free, hour-long webinar in which we will discuss The Top Ten D&O Stories of 2025. Registration for the webinar can be found here. Please join us for the webinar.Continue Reading The Top Ten D&O Stories of 2025

The possibility of a securities class action lawsuit being filed against a company after it experiences a data breach is a long-standing risk. For most of 2025, there were relatively few of these kinds of suits filed, at least compared to recent years. However, last week, two different companies – the e-commerce firm Coupang and the application security firm F5 – were each hit with new cybersecurity-related securities class action lawsuits. The new lawsuits have several interesting features, as discussed below, and at a minimum underscore the fact that the threat of these kinds of cybersecurity suits is ongoing.Continue Reading Two Tech Companies Hit with Data Breach-Related Securities Suits

Sarah Abrams

In the following guest post, Sarah Abrams, Head of Claims Baleen Specialty, a division of Bowhead Specialty, takes a look at recent changes in the DOJ’s Data Security Program (DSP) and discusses the D&O liability and insurance implications. I would like to thank Sarah for allowing me to publish her article as guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Sarah’s article.Continue Reading Guest Post: Company Data Secure? The DOJ is Checking

A new wave of AI-powered scams is targeting companies by impersonating their most trusted leaders – the CEO, the CFO, and other senior executives. Cybercriminals are now using generative AI tools to create hyper-realistic video and audio deepfakes of company executives to trick lower-level employees into handing over millions of dollars in cash, critical data, and other business assets. While these kinds of scams aren’t necessarily new, AI language and image models are making the scams increasingly effective and more prevalent, according to a recent Wall Street Journal article. The August 18, 2025, article, entitled “AI Drives Rise in CEO Impersonator Scams,” can be found here.Continue Reading The Growing Threat of AI Deepfake Attacks

Well-advised companies know that among their key corporate risks are potential liability exposures arising from or related to cybersecurity. A recent U.S. Department of Justice enforcement action highlights the fact that corporate cybersecurity risk may take a number of forms, including, as was the case in the recent matter, potential False Claims Act (FCA) liability for cybersecurity vulnerabilities in products sold to the federal government. The fact that the recent case, involving life sciences company Illumina, settled for $9.8 million, underscores the seriousness of this cybersecurity-related liability FCA exposure.Continue Reading Cybersecurity and False Claims Act Liability Exposure

Sarah Abrams

Recent reports have brought to light the disturbing story that many companies may have unwittingly hired North Korean operatives as outsourced IT professionals. In the following guest post, Sarah Abrams, Head of Claims Baleen Specialty, a division of Bowhead Specialty, considers the potential claims exposure that could arise for companies that have hired the North Korean operatives. I would like to thank Sarah Abrams for allowing me to publish her article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Sarah’s article. Continue Reading Guest Post: North Korean Hiring Exposure

The directors’ and officers’ liability environment is always changing, but 2024 was a particularly eventful year, with important consequences for the D&O insurance marketplace. The past year’s many developments also have significant implications for what may lie ahead in 2025 – and possibly for years to come.  I have set out below the Top Ten D&O Stories of 2024, with a focus on future implications. Please note that on Wednesday, January 15, 2025 at 11:00 AM EST, my colleagues Marissa Streckfus, Chris Bertola, and I will be conducting a free, hour-long webinar in which we will discuss The Top Ten D&O Stories of 2024. Registration for the webinar can be found here. I hope you can join us for the webinar.Continue Reading The Top Ten D&O Stories of 2024

As I noted last week, President-Elect Donald Trump has indicated his intent to name former SEC Commissioner Paul Atkins as SEC Chair in the upcoming new administration. Atkins’s appointment, as I noted in last week’s post, could mean significant changes to the agency’s regulatory approach and enforcement priorities. Observers and commentators have continued to weigh in on the potential implications of Atkins’s appointment, and, as discussed below, academic commentators have tried to emphasize the importance of monitoring the agency closely under the new administration to ensure that it continues to be able to fulfill its traditional mission.Continue Reading More About the SEC Under the Incoming Presidential Administration

Earlier this week, the SEC announced that it had filed settled charges against four companies for alleged misleading disclosures concerning cybersecurity incidents at the companies. The charges against the companies arose out of the SEC’s investigation of companies potentially affected by the compromise of SolarWinds’ Orion software. One of the four companies was additionally charged with disclosure controls and procedures violations. Without admitting or denying the SEC’s charges, each company agreed to the entry of a cease-and-desist order against them. The companies agreed to pay civil penalties ranging from $4 million to $990,000. The SEC’s October 22, 2024, press release about the charges against the four companies can be found here.Continue Reading SEC Charges Four Companies for “Downplaying” Cyber Incidents