Tag Archives: cybersecurity

Guest Post: Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm Executive Committees

There have been several very high profile news reports of significant law firm data breaches. It is not a mere coincidence that law firms increasingly are targeted in data breach attacks. Law firms have a trove of information that makes them highly attractive to cybercriminals. In the following guest post, John Reed Stark takes a look … Continue Reading

Guest Post: Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of Financial Reporting Oversight

In this day and age, the members of the boards of directors of most companies understand that cybersecurity issues are both important and should be a board-level priority. But while these issues and responsibilities are now well-recognized, many boards still struggle to translate these issues into action. In the following guest post from John Reed … Continue Reading

Senate Bill Would Require Disclosure Concerning Corporate Boards’ Cybersecurity Expertise

It is not news that cybersecurity is a serious corporate and domestic security concern. But despite continuing revelations of high-profile data breaches, cybersecurity is an area (OK, one of the many areas) where Congress has been slow to act. While there is still as yet no comprehensive Congressional attempt to tackle cybersecurity as an issue … Continue Reading

Book Review: A Cybersecurity Guide for Corporate Directors and Officers

We are long past the point where cybersecurity can be treated like an emerging, obscure or peripheral issue. The fact is that cybersecurity is now an important concern for every organization and enterprise. For that reason, cybersecurity is also now an important concern for everyone responsible for protecting and guiding those organizations and enterprises, including … Continue Reading

Guest Post: SEC’s Regulatory Action Against R.T. Jones: Did the Other Cybersecurity Shoe Just Drop?

On September 22, 2015, in what has been described as the SEC’s first cybersecurity-related enforcement action, the SEC announced that it had entered a settlement St. Louis-based investment advisor R.T. Jones Capital Equities Management, Inc., based on charges that the company had failed to establish the required cybersecurity policies and procedures in advance of a breach … Continue Reading

Third Circuit: FTC May Pursue Data Breach Enforcement Action against Wyndham Worldwide

On August 24, 2015, in a ruling that was much-anticipated because of its potential implications for the regulatory liability exposures of companies that have been hit with data breaches, the Third Circuit affirmed the authority of the Federal Trade Commission to pursue an enforcement action against Wyndham Worldwide Corp. and related entities alleging that the … Continue Reading

Guest Post: Cybersecurity Enforcement: The FTC Is Out There

Along with the disruption and the reputational damage, a company experiencing a data breach can also find itself attracting the unwanted attention of regulators. Among the federal regulators that has proven to be active in data breach arena has been the Federal Trade Commission. In the following guest post, Robert Carangelo, Eric Hochstadt, and Gaspard Curioni of … Continue Reading

Guest Post: Is Employee Awareness and Training the Holy Grail of Cybersecurity?

In the current environment, most organizations are aware of the potential threats to their firms from a breach of their data systems and networks. Among the ways companies can protect themselves from these types of threats is through improved employee awareness and training. In the following guest post, Paul Ferrillo and Randi Singer of the … Continue Reading

Top Treasury Official’s Speech Urges Adoption of Cyber Risk Insurance

Officials across a range of federal regulatory agencies have made it clear that promoting cyber security is an increasing priority. A critical part of the federal officials’ message has been the message that cyber security should be a corporate governance priority for company executives and corporate boards. For example, in a June 2014 speech, SEC … Continue Reading

More About Stories We’re Following

Cybersecurity as a D&O Liability Issue: I have noted in prior posts on this site (refer for example here) that cybersecurity represents, among other things, a D&O liability exposure. The recent lawsuits filed against Target (refer here) and Wyndham Worldwide (refer here) underscore this point. In addition, at least according to a July 7, 2014 Bloomberg … Continue Reading

SEC Commissioner Aguilar Addresses Cybersecurity Oversight Responsibilities of Corporate Boards

In a June 10, 2014 speech entitled “Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus” delivered at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar highlighted the critical importance of the involvement of boards of directors in cybersecurity oversight. In his speech, Aguilar stressed that “ensuring the adequacy of a company’s … Continue Reading

Cybersecurity Disclosure Under Scrutiny

The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face n the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s new Chair, Mary Jo White. The agency’s developing practices … Continue Reading

Assessing U.S. Public Company Cyber Risk Disclosure Practices

It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a picture of what companies are disclosing and what the disclosure … Continue Reading
LexBlog