One of the most watched and commented on corporate and securities litigation trends over the last several years has been the rise of management liability related lawsuits arising from cybersecurity-related incidents. While there has never been the volume of cases that some commentators expected, there have been a number of cases filed. The latest of these lawsuits is the securities class action lawsuit filed this week against FedEx, in which the plaintiff shareholder alleges the company did not fully disclose the extent of the disruption at its European operation after it was hit with the NotPetya malware virus in June 2017. A number of the allegations in the new FedEx complaint are similar to those raised in prior cybersecurity-related securities suit, suggesting some of the factors that might lead to this type of cybersecurity follow-on lawsuit. A copy of the complaint, filed in the Southern District of New York on June 26, 2019, can be found here.
Continue Reading FedEx Hit with Cyber Attack-Related Securities Suit
Guest Post: Rating Agency Downgrades Following Cyber Breaches — Are They the Canary in the D&O Coal Mine?
In the following guest post, Paul Ferrillo and Chris Veltsos take a look at the latest consequences that companies are now facing following a data breach – a rating agency downgrade. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. I would like to thank Paul and Chris for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest article. Here is Paul and Chris’s article.
Continue Reading Guest Post: Rating Agency Downgrades Following Cyber Breaches — Are They the Canary in the D&O Coal Mine?
Guest Post: Cyber Risk Health Factors Case Study — Technology Alone Can’t Fix Security
In the second part of a three part series, Paul Ferrillo and Christophe Veltsos explain how cyber risk assessments can provide value. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. The first article in their series can be found here. In a forthcoming third article, the authors will address the technical tools side of cyber assessment, as opposed to people/processes/governance. I would like to thank Paul and Chris for their willingness to allow me to publish their article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Paul and Chris’s article is set out below.
Continue Reading Guest Post: Cyber Risk Health Factors Case Study — Technology Alone Can’t Fix Security
Guest Post: The Missing Link of Cybersecurity — Time for a Cyber Risk Check-Up
The threats to data security are substantial. Every organization faces some level of cyber risk. So how do we get better at cybersecurity? That is the question that Paul Ferrillo and Christophe Veltsos ask in the following guest post. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. I would like to thank Paul and Chris for their willingness to allow me to publish their article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Paul and Chris’s article is set out below. Please be sure to also see the item at the end of the post about International Women’s Day.
Continue Reading Guest Post: The Missing Link of Cybersecurity — Time for a Cyber Risk Check-Up
Guest Post: Beat the Clock: 5 Important Steps to Deal with Today’s Complicated Cyber Breach Disclosure World
Cybersecurity threats are on the rise. Companies that find themselves hit with data breaches face a number of challenges, including in particular the challenge of responding to strict breach disclosure and notification requirements. In the following guest post, Paul A. Ferrillo, a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice, takes a look at the steps the companies can take before they are breached to be better positioned to respond to the notification requirements in the event of a breach. I would like to thank Paul for allowing me to publish his article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: Beat the Clock: 5 Important Steps to Deal with Today’s Complicated Cyber Breach Disclosure World
Guest Post: Ransomeware’s Dirty Little Secret: Most Corporate Victims Pay
As cybersecurity has become an increasingly important consideration for all corporate operations, one of the most pernicious problems has been the rise of so-called “ransomware” attacks – that is, systems breaches in which hackers take control of corporate networks and demand ransom payments as a condition of unlocking the systems. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at the ransomware phenomenon, how companies are responding, and why. A version of this article previously was published on Securities Docket. I would like to thank John for allowing me to publish his article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Ransomeware’s Dirty Little Secret: Most Corporate Victims Pay
Dismissal Motion Granted in PayPal Data Breach-Related Securities Suit
As I have noted in several recent posts, plaintiffs’ lawyers seem to have a renewed interest in trying to pursue securities class action lawsuits against companies that have experienced a data breach. Just to cite one recent example, as discussed here, within a day of Marriott’s recent high-profile announcement of a data breach involving its Starwood unit’s customer database, plaintiffs’ lawyers filed a securities class action lawsuit against the company. While plaintiffs’ lawyers may be drawn to these data breach cases, the cases may or may not prove to be successful for them. For example, in a recent ruling in the data breach-related securities class action lawsuit filed against PayPal late last year, the court granted the defendants’ motion to dismiss. The ruling highlights many of the problems plaintiffs’ lawyers will have in trying to pursue these kinds of cases. Northern District of California Judge Edward Chen’s December 13, 2018 ruling in the case can be found here.
Continue Reading Dismissal Motion Granted in PayPal Data Breach-Related Securities Suit
Guest Post: Ohio Now Accepts Bitcoin for Tax Payments; No Problem, Right?
Lost amidst all of the turmoil surrounding the dramatic swings in the value of digital currencies is that the original idea for these digital assets is that they might actually be used as exchange media, in place of traditional currencies. Whether or not someone might use cryptocurrency to, say, buy a cup of coffee at Starbuck’s, Ohio residents, at least, may now use bitcoin to pay their state taxes. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at Ohio’s recent bitcoin move and reviews what it might mean – for Ohio, and in general. A version of this article previously was published on CybersecurityDocket.com. I would like to thank John for allowing me to publish his guest article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Ohio Now Accepts Bitcoin for Tax Payments; No Problem, Right?
What to Watch Now in the World of D&O
Every year just after Labor Day, I take a step back and survey the most important current trends and developments in the world of Directors’ and Officers’ liability and D&O insurance. This year’s survey is set out below. Once again, there are a host of things worth watching in the world of D&O.
Continue Reading What to Watch Now in the World of D&O
Guest Post: Cybersecurity and D&O Liability: Emerging Concerns under Indian Law
One of the most closely watched issues in the world of D&O is the extent to which cybersecurity-related issues will lead to liability for corporate directors and officers. In the following guest post, Tarun Krishnakumar, a New Delhi attorney qualified in India and California specializing on issues relating to emerging technology , takes a look at the corporate liability framework under Indian laws with respect to emerging cybersecurity exposures. I would like to thank Tarun for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Tarun’s article.
Continue Reading Guest Post: Cybersecurity and D&O Liability: Emerging Concerns under Indian Law