John Reed Stark

In the following guest post, John Reed Stark President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at questions of confidentiality surrounding a discovery dispute between class action plaintiffs and a data breach victim company relating to forensic work conducted by Crowdstrike, Inc. in connection with a 2018 data security incident at Marriott International, Inc. As Stark notes, the issue of protecting the confidentiality of post-data breach forensic findings (when the forensic firm is typically engaged by counsel) has become of critical importance and has significant consequences. A version of this article previously was published on Cybersecurity Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: More Battles Over Digital Forensic Findings

Stephen Reilly
Andrew Jones

Data breach class action lawsuits are already well-established in the United States, but are only developing elsewhere. In the following guest post, Stephen Reilly and Andrew Jones of Beale & Company Solicitors take a look at the possibilities and prospects for data breach class actions in the U.K. A version of this article previously was published as a Beale & Company client alert. I would like to thank Stephen and Andrew for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Stephen and Andrew’s guest post.
Continue Reading Guest Post: Data Breach Class Actions in the UK — What Next?

Paul Ferrillo

In the following guest post, Paul Ferrillo provides a primer for the purchase of cybersecurity insurance. Paul is a partner in the McDermott, Will & Emery law firm. My thanks to Paul for allowing me to publish his article as a guest post on this site. I welcome guest posts from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: The Basics and Essentials of Purchasing Cybersecurity Insurance

John Reed Stark

Is a company’s post-breach forensic report subject to discovery in subsequent breach related litigation? That is the question that John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, examines in the following guest post. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Data Breach Forensic Reports: Keeping a Grail Document Confidential

One of the hot topics for mainstream P&C insurers these days is dealing with “silent cyber” – that is, the coverage for cyber-related losses in traditional property and casualty insurance policies. There are a number of initiatives underway in the insurance underwriting community as insurers try to address silent cyber. However, as noted in an interesting January 14, 2020 memo from the Covington law firm entitled “The Noise About ‘Silent Cyber’ Insurance Coverage” (here), these initiatives have important implications for policyholders. Among other things, these initiatives potentially could result in a gap in policyholders’ coverage for cyber-related losses, as discussed below.
Continue Reading Addressing “Silent Cyber” and the Risk of Coverage Gaps

John Reed Stark

The news of the recent massive data breach at Capital One made the front pages of the business sections of newspapers across the country. The hack has drawn attention not just because of the magnitude of the hack, but also because the hackers apparently managed to steal data from The Cloud. The Capital Data breach represents a “wake-up call” for boards of directors, according to the following guest post from John Reed Stark. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on Securities Docket. My thanks to John for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: What the Capital One Hack Means for Board of Directors

Paul Ferrillo
Christophe Veltsos

In the following guest post, Paul Ferrillo and Christophe Veltsos consider the implications of the recently announced bankruptcy of the corporate parent of a medical billing company following a high-profile date breach at the billing company. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. I would like to than Paul and Chris for their willingness to allow me to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul and Chris’s article.
Continue Reading Guest Post: Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive

 For any organization experiencing a data breach, the organization’s response to the incident remains one of the most important and yet one of the most challenging next steps. In the following guest post, Paul Ferrillo, a partner in the New York office of the Greenberg Traurig law firm, examines the ways that an organization can respond well to a cyber incident. I would like to thank Paul for his willingness to allow me to publish his article as a guest post on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: The Speed of Breaches and Other Bad News in Cybersecurity Incident Response

While commentators (like me) were predicting a blitz of data breach-related D&O litigation, the anticipated onslaught failed to materialize. The few cases that were filed –in the form of shareholder derivative suits — were unsuccessful. More recently, however, plaintiffs’ lawyers have been taking a different approach to data breach-related D&O lawsuits, filing their cases in the form of securities class action lawsuits. These more recent suits involve cases against Equifax (about which refer here) and PayPal (here). Now plaintiffs’ lawyers have filed yet another data breach-related securities suit, this one against Qudian, a Chinese company that just completed its IPO in October 2017.   
Continue Reading Yet Another Data Breach-Related Securities Suit Filed

John Stark Reed

Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look that problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.

I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
Continue Reading Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance