In the immediate aftermath of the Delaware Supreme Court’s 2019 decision in Marchand v. Barnhill, which revitalized so-called Caremark claims for breach of the duty of oversight, one question I was asked was whether claimants might seek to assert breach of the duty of oversight claims in the context of cybersecurity and data privacy issues. Claimants did, in fact, subsequently raise Caremark claims in connection with the high-profile date breaches at Marriott and SolarWinds, but in each case, the Delaware Chancery Court granted the defendants’ motions to dismiss (as discussed here and here, respectively), raising questions about the viability of duty of oversight claims in the cybersecurity context.
Notwithstanding the less than promising track record for these kinds of claims, in a recent article, NYU Law Professor Jennifer Arlen argues that cybersecurity-related claims for breach of the duty of oversight should support Caremark liability in at least one class of cases – that is, cases relating to companies for whom cybersecurity is a “mission critical legal risk” and in which it is alleged that the company had inadequate cybersecurity that risked (and later caused) substantial harm to businesses and government agency customers, and that the company had misled the customers through statements that were designed to defraud the customers into believing that the company’s cybersecurity systems were materially better than they were. Professor Arlen’s March 18, 2025, post on the Harvard Law School Forum on Corporate Governance about Caremark claims in the cybersecurity context can be found here.Continue Reading Cybersecurity and the Duty of Oversight
Over the last few years, I have posted numerous items citing examples were sexual misconduct allegations or a hostile workplace environment have led to D&O claims. Many of these kinds of suits followed in the wake of the #MeToo movement. The fact that these kinds of allegations can lead to D&O claims is well understood in the D&O insurance industry. However, I know from recent conversations that some in the industry believe that the risk of these kinds of D&O claims has diminished as the #MeToo movement has evolved. However, recent events at the gaming company Activision Blizzard shows that unfortunately the kinds of underlying allegations that have led to claims are not a thing of the past; as discussed below, Activision Blizzard has now been hit with a securities suit based on underlying sexual misconduct and discrimination allegations.
In the second in a series of podcasts discussing the impact of the new Biden Administration on the world of directors’ and officers’ liability and insurance, Megan Brown of the Wiley law firm and Rob Yellen of Willis Towers Watson and I recently recorded a session that is now available in a May 3, 2021
In 
In the following guest post, Umesh Pratapa takes a look at directors’ liability issues under Indian law, and also examines the protections that are available for directors as well. Umesh is a Consultant – Liability Insurance, in India. Umesh’s article was originally published in the July 2020 issue of “Director Today”, a monthly journal of the Institute of Directors (IOD), India. Reproduced with the kind permission of the publisher, Institute of Directors, India. I would like to thank Umesh for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Umesh’s article.