In the current environment, most organizations are aware of the potential threats to their firms from a breach of their data systems and networks. Among the ways companies can protect themselves from these types of threats is through improved employee awareness and training. In the following guest post, Paul Ferrillo and Randi Singer of the
Thinking About the Data Breach Securities Class Action Lawsuits Yet to Come
There has been extensive litigation filed in the wake of the many high-profile data breaches over the last several years, but by and large the lawsuits have been filed on behalf of consumers or employees. Along the way, there have also been lawsuits filed against the directors and officers of the companies that experienced the
Guest Post: The Key Players in Cybersecurity Investigations
One of the most immediate challenges when a company experiences a data breach is trying to figure out what has happened – how the breach occurred and how serious it is. Determining what has happened is also critical to re-establishing the company’s cybersecurity. In the following guest post Robert F. Carangelo and Paul A. Ferrillo
Top Treasury Official’s Speech Urges Adoption of Cyber Risk Insurance
Officials across a range of federal regulatory agencies have made it clear that promoting cyber security is an increasing priority. A critical part of the federal officials’ message has been the message that cyber security should be a corporate governance priority for company executives and corporate boards. For example, in a June 2014 speech,
More About Stories We’re Following
Cybersecurity as a D&O Liability Issue: I have noted in prior posts on this site (refer for example here) that cybersecurity represents, among other things, a D&O liability exposure. The recent lawsuits filed against Target (refer here) and Wyndham Worldwide (refer here) underscore this point. In addition, at least according to a
SEC Commissioner Aguilar Addresses Cybersecurity Oversight Responsibilities of Corporate Boards
In a June 10, 2014 speech entitled “Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus” delivered at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar highlighted the critical importance of the involvement of boards of directors in cybersecurity oversight. In his speech, Aguilar stressed that “ensuring the adequacy of a company’s
Cybersecurity Disclosure Under Scrutiny
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices
Assessing U.S. Public Company Cyber Risk Disclosure Practices
It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure