As I have noted in prior posts on this site (most recently here), plaintiffs’ lawyers’ claims in cybersecurity-related D&O lawsuits recently have fared poorly. A number of these suits recently have failed to clear the initial pleading hurdles. However, in a ruling last week, the federal judge presiding over the SolarWinds cybersecurity-related securities suits substantially denied the defendants’ motions to dismiss in an opinion that has a number of interesting features, as discussed below. Western District of Texas Judge Robert Pitman’s March 30, 2022 opinion in the case can be found here.
Continue Reading Dismissal Motion Largely Denied in the SolarWinds Cybersecurity-Related Securities Suit

On March 9, 2022, the SEC finally released its long-anticipated updated cybersecurity disclosure requirements. The proposed rules, inclusive of specifications both for incident reporting and for risk management and governance disclosure, were adopted by a 3-1 vote and are now subject to a public reporting period. The new rules, which the Commission’s press release says are “designed to better inform investors about a registrant’s risk management, strategy, and governance and to provide timely notification of material cybersecurity incidents,” underscore the Commission’s emphasis on cybersecurity reporting and disclosure issues.

The SEC’s March 9, 2022 press release about the proposed new rules can be found here. The Commission’s two-page “fact sheet” about the new rules can be found here. The Commission’s 129-page proposing release can be found here. Cydney Posner’s March 9, 2022 post on the Cooley law firm’s PubCo blog about the proposed rules can be found here.
Continue Reading SEC Proposes New Rules for Cybersecurity Disclosure and Incident Reporting Rules

As I have noted in numerous posts on this site (most recently here), the plaintiffs’ track record in data breach-related securities class action lawsuits is mixed at best. To be sure, there have been cases in which plaintiffs’ have prevailed, but overall the plaintiffs’ track record in data breach-related securities suits has been poor. In the latest setback for plaintiffs in these kinds of cases, the Ninth Circuit has affirmed the trial court’s dismissal of the data breach-related securities suit filed against Zendesk. A copy of the Ninth Circuit’s March 2, 2022 Opinion in the Zendesk case can be found here.
Continue Reading Ninth Circuit Affirms Zendesk Data Breach Securities Suit Dismissal

Readers of this blog know that two important current litigation trends involve the filing of claims relating to cybersecurity incidents and the filing of COVID-19-related claims.  A new securities class action lawsuit filed this week touched on both of these securities suit filing trends. Secure technology company Telos Corporation was hit with a securities suit following a decline in the price of its shares after the company experienced revenue delays owing to cybersecurity and coronavirus related “headwinds” that postponed the company’s performance of two key contracts. A copy of the plaintiffs’ complaint filed on February 7, 2022 against Telos can be found here.
Continue Reading New Lawsuit Reflects Cybersecurity and Coronavirus-Related Litigation Trends

The directors’ and officers’ liability environment is always changing, but 2021 was a particularly eventful year, with important consequences for the D&O insurance marketplace. The past year’s many developments also have significant implications for what may lie ahead in 2022 – and possibly for years to come.  I have set out below the Top Ten D&O Stories of 2021, with a focus on the future implications. Please note that on Thursday, January 13, 2022 at 11:00 AM EST, my colleague Marissa Streckfus and I will be conducting a free, hour-long webinar in which we will discuss The Top Ten D&O Stories of 2021. Registration for the webinar can be found here. I hope you will please join us for the webinar.
Continue Reading The Top Ten D&O Stories of 2021

The filing of data breach and other cybersecurity incident-related shareholder derivative lawsuits against corporate boards is nothing new; plaintiffs’ lawyers have been filing these kinds of claims now for several years. However, in recent months, the plaintiffs’ lawyers have shown an increasing inclination to file these claims based on allegations of breach of the duty of oversight. The latest example of this type of claim is the shareholder derivative suit filed this week against the board of T-Mobile USA. Although the plaintiff’s complaint does not expressly use the words “breach of the duty of oversight” or refer to “Caremark duties,” the complaint does refer to the board’s alleged “failure to monitor” and to the board’s alleged failure “to heed red flags” – the very kind of allegations that are at the heart of breach of the duty of oversight claims. A copy of the plaintiff’s complaint in the November 29, 2021 lawsuit can be found here.
Continue Reading Data Breach-Related Derivative Suit Filed Against T-Mobile USA Board

In the latest example of claimants seeking to assert the newly revitalized type of claim for breach of the duty of oversight against corporate boards, plaintiff shareholders have filed a derivative lawsuit in Delaware Chancery Court against certain past and current directors of technology company SolarWinds, based on the massive cybersecurity incident involving the company’s software and systems discovered in December 2020. As discussed below, there are several interesting features of this lawsuit in light of recent developments involving claims for alleged breaches of the duty of oversight. A copy of the heavily redacted publicly available version of the plaintiffs’ complaint against the SolarWinds board can be found here.
Continue Reading Cybersecurity-Related Breach of the Duty of Oversight Claim Filed Against SolarWinds Board

Rachel Soich

As I have noted in prior posts on this site, cybersecurity issues can lead to D&O claims. In the following guest post, Rachel Soich, FCAS, MAAA. Consulting Actuary at Milliman, considers steps that companies can take to avoid cyber-related D&O costs. A prior version of this article previously was published in Milliman Insight. I would like to thank Rachel for allowing me to publish her article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Rachel’s article.
Continue Reading Guest Post: Three Ways to Avoid Cyber-Related D&O Costs

In an interesting development, the U.S. District Court Judge overseeing the cybersecurity-related securities class action lawsuit pending against title insurance company First American Financial Corp. has granted the defendants’ motion to dismiss. The dismissal in the case is interesting because the company had in June 2021 agreed with the SEC to enter a cease-and-desist order and to pay a modest civil penalty to settle charges related to the same cybersecurity incident. The dismissal is also interesting because it shows how plaintiffs’ lawyers have struggled to get traction with cybersecurity-related securities suits. A copy of the Court’s September 22, 2021 order granting the motion to dismiss in the First American securities suit can be found here.
Continue Reading Cybersecurity-Related Securities Suit Dismissed

When companies are hit with cybersecurity incidents, class action privacy litigation often follows. However, claimants in these kinds of cases face a threshold challenge of showing they have suffered a sufficient “injury in fact” to establish that they have standing to assert their claims. The following guest post, written by Paul Ferrillo, Kristine Argentine, Emily Dorner, and Alexandra Drury of the Seyfarth Shaw law firm, provides a survey of the current state of play for the standing requirements in this type of litigation. I would like to thank the authors for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article. 
Continue Reading Guest Post: First There was Litigation; And Then There Was Standing