Data breach

Guest Post: SolarWinds – Einstein Failed Us, and the Cyber Insurance Markets will Feel the Squeeze

By Kevin LaCroix on January 11, 2021

As I noted in a prior post, the recent state-sponsored cyber incident carried out through an attack on SolarWinds has a number of important implications. As noted in the following guest post from Paul Ferrillo, the incident could also have important implications for the cyber insurance marketplace. Paul is a partner in the McDermott, Will & Emery law firm. I would like to thank Paul for allowing me to publish this article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: SolarWinds – Einstein Failed Us, and the Cyber Insurance Markets will Feel the Squeeze

SolarWinds Hit with Securities Suit Based on Third-Party Governmental Actor Cyber Attack

By Kevin LaCroix on January 5, 2021

Posted in Securities Litigation

In my round-up of the Top D&O Stories of 2020, which I published earlier this week, I noted that the recent massive state-actor hack of U.S. government agencies and technology companies underscored the fact that cybersecurity represents a significant operational and management risk for organization of every type. I also noted that cybersecurity-related issues represent an ongoing D&O claims risk. As if to confirm these propositions, the first securities class action lawsuit of the New Year was filed against Solar Winds, the network infrastructure management company whose breached software is believe to have contributed to the recent massive hack. As discussed below, the newly filed complaint highlights the fact that cybersecurity represents a significant potential source of management liability risk.
Continue Reading SolarWinds Hit with Securities Suit Based on Third-Party Governmental Actor Cyber Attack

Online Learning Firm Hit with COVID-19-Related Securities Suit

By Kevin LaCroix on November 22, 2020

Posted in Coronavirus

Technology-based education firm K12, Inc., which hoped to be able to profit from the pandemic-related shift to virtual learning , has been hit with a securities class action lawsuit alleging that the company’s share price declined after school systems using its platform to address their online learning needs allegedly experienced disappointing results. A copy of the shareholder plaintiff’s November 19, 2020 complaint can be found here.
Continue Reading Online Learning Firm Hit with COVID-19-Related Securities Suit

Guest Post: Attribution on Election Cyber-Attacks: Don’t Rush to Judgment

By Kevin LaCroix on October 20, 2020

Posted in Cyber Liability

Along with all of the other anxieties about the upcoming Presidential election, there is the concern that someone, somewhere will use some type of cyberattack to interfere with the electoral process. If that were to happen, the immediate question will “Who did it?” In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, underscores the difficulties associated with identifying the actors behind any cyberattack and cautions against jumping to conclusions about who might have been involved. A version of this article previously was published on Cybersecurity Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Attribution on Election Cyber-Attacks: Don’t Rush to Judgment

Guest Post: More Battles Over Digital Forensic Findings

By Kevin LaCroix on September 9, 2020

Posted in Cyber Liability

In the following guest post, John Reed Stark President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at questions of confidentiality surrounding a discovery dispute between class action plaintiffs and a data breach victim company relating to forensic work conducted by Crowdstrike, Inc. in connection with a 2018 data security incident at Marriott International, Inc. As Stark notes, the issue of protecting the confidentiality of post-data breach forensic findings (when the forensic firm is typically engaged by counsel) has become of critical importance and has significant consequences. A version of this article previously was published on Cybersecurity Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: More Battles Over Digital Forensic Findings

Guest Post: Data Breach Class Actions in the UK — What Next?

By Kevin LaCroix on August 11, 2020

Posted in Cyber Liability

Data breach class action lawsuits are already well-established in the United States, but are only developing elsewhere. In the following guest post, Stephen Reilly and Andrew Jones of Beale & Company Solicitors take a look at the possibilities and prospects for data breach class actions in the U.K. A version of this article previously was published as a Beale & Company client alert. I would like to thank Stephen and Andrew for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Stephen and Andrew’s guest post.
Continue Reading Guest Post: Data Breach Class Actions in the UK — What Next?

Guest Post: The Basics and Essentials of Purchasing Cybersecurity Insurance

By Kevin LaCroix on July 21, 2020

Posted in Cyber Liability

In the following guest post, Paul Ferrillo provides a primer for the purchase of cybersecurity insurance. Paul is a partner in the McDermott, Will & Emery law firm. My thanks to Paul for allowing me to publish his article as a guest post on this site. I welcome guest posts from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: The Basics and Essentials of Purchasing Cybersecurity Insurance

Guest Post: Data Breach Forensic Reports: Keeping a Grail Document Confidential

By Kevin LaCroix on June 16, 2020

Posted in Cyber Liability

Is a company’s post-breach forensic report subject to discovery in subsequent breach related litigation? That is the question that John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, examines in the following guest post. A version of this article originally appeared on Securities Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Data Breach Forensic Reports: Keeping a Grail Document Confidential

Addressing “Silent Cyber” and the Risk of Coverage Gaps

By Kevin LaCroix on January 20, 2020

Posted in Cyber Liability

One of the hot topics for mainstream P&C insurers these days is dealing with “silent cyber” – that is, the coverage for cyber-related losses in traditional property and casualty insurance policies. There are a number of initiatives underway in the insurance underwriting community as insurers try to address silent cyber. However, as noted in an interesting January 14, 2020 memo from the Covington law firm entitled “The Noise About ‘Silent Cyber’ Insurance Coverage” (here), these initiatives have important implications for policyholders. Among other things, these initiatives potentially could result in a gap in policyholders’ coverage for cyber-related losses, as discussed below.
Continue Reading Addressing “Silent Cyber” and the Risk of Coverage Gaps

Guest Post: What the Capital One Hack Means for Board of Directors

By Kevin LaCroix on August 6, 2019

Posted in Cyber Liability

The news of the recent massive data breach at Capital One made the front pages of the business sections of newspapers across the country. The hack has drawn attention not just because of the magnitude of the hack, but also because the hackers apparently managed to steal data from The Cloud. The Capital Data breach represents a “wake-up call” for boards of directors, according to the following guest post from John Reed Stark. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on Securities Docket. My thanks to John for allowing me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: What the Capital One Hack Means for Board of Directors

The D&O Diary

Data breach

Guest Post: SolarWinds – Einstein Failed Us, and the Cyber Insurance Markets will Feel the Squeeze

SolarWinds Hit with Securities Suit Based on Third-Party Governmental Actor Cyber Attack

Online Learning Firm Hit with COVID-19-Related Securities Suit

Guest Post: Attribution on Election Cyber-Attacks: Don’t Rush to Judgment

Guest Post: More Battles Over Digital Forensic Findings

Guest Post: The Basics and Essentials of Purchasing Cybersecurity Insurance

Guest Post: Data Breach Forensic Reports: Keeping a Grail Document Confidential

Addressing “Silent Cyber” and the Risk of Coverage Gaps

Guest Post: What the Capital One Hack Means for Board of Directors

Nuts And Bolts of D&O Insurance

Disclaimer