Corporate

Recent Posts

Third Circuit: FTC May Pursue Data Breach Enforcement Action Against Wyndham Worldwide
Posted on 27 Aug 2015 by Kevin M. LaCroix

On August 24, 2015, in a ruling that was much-anticipated because of its potential implications for the regulatory liability exposures of companies that have been hit with data breaches, the Third Circuit affirmed the authority of the Federal Trade Commission... Read More

Cybersecurity Disclosure Under Scrutiny
Posted on 6 Nov 2013 by Kevin M. LaCroix

The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face in the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division... Read More

That Time the Entire Cyber Security Exposure Narrative Changed
Posted on 5 Jan 2015 by Kevin M. LaCroix

The hack attack on Sony Pictures Entertainment was massive, and it had a devastating effect on the company. As detailed in the December 30, 2014 Wall Street Journal article entitled “Behind the Scenes at Sony as Hacking Crisis Unfolded,” ... Read More

Taking Control of Cybersecurity: A Practical Guide for Officers and Directors
Posted on 7 Jul 2015 by Foley & Lardner LLP

Major cybersecurity attacks of increased sophistication — and calculated to maximize the reputational and financial damage caused to the corporate targets — are now commonplace. These attacks have catapulted cybersecurity to a top priority... Read More

Data Breach-Related Derivative Lawsuit Filed against Home Depot Directors and Officers
Posted on 10 Sep 2015 by Kevin M. LaCroix

In early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. ( here ) and Wyndham Worldwide ( here ), there was some speculation that these cases might be the first of what could become a wave of... Read More

Assessing U.S. Public Company Cyber Risk Disclosure Practices-X
Posted on 30 Sep 2013 by Doug Esten

It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about... Read More

Thinking About the Data Breach Securities Class Action Lawsuits Yet to Come
Posted on 19 Mar 2015 by Kevin M. LaCroix

There has been extensive litigation filed in the wake of the many high-profile data breaches over the last several years, but by and large the lawsuits have been filed on behalf of consumers or employees. Along the way, there have also been lawsuits filed... Read More

Are You Ready? Five Key Cybersecurity Battlefronts.
Posted on 27 Oct 2015 by Steven A. Meyerowitz

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families. . . . I urge this Congress to finally pass the legislation we need to better meet the evolving threat of... Read More

As Part of White House Cyber Security Initiative, President Proposes Uniform Data Notification Rules
Posted on 13 Jan 2015 by Kevin M. LaCroix

As previously discussed on this blog (refer for example here ), over the years there have been a number of different responses from the federal government to the threat of cyberattacks on U.S. companies and infrastructure, but overall the government’s... Read More

Book Review: Cyber Risks, Social Media and Insurance
Posted on 28 Sep 2015 by Kevin M. LaCroix

We live in a world in which rapidly shifting technologies and communications modalities have changed the way we interact and conduct business. These new media and means of interaction have introduced innumerable benefits and efficiencies. Unfortunately... Read More

Will Investors Sue Over the Sony Hack Attack?
Posted on 7 Jan 2015 by Kevin M. LaCroix

As I noted in my recent rundown of the top D&O stories of 2014, one of the most important developments during the year just finished was the emergence of cyber security as a D&O liability concern. During 2014, plaintiff shareholders launched cyber... Read More

When Data Hacks Lead to D&O Lawsuits, Actual and Threatened
Posted on 1 Sep 2015 by Kevin M. LaCroix

Many observers, including even this blog, have speculated whether the rising wave of data breaches and cyber security attacks will result in litigation against the directors and officers of the affected companies. Indeed, in 2014, there were two sets... Read More

Wyndham Worldwide Board Hit with Cyber Breach-Related Derivative Lawsuit
Posted on 7 May 2014 by Kevin M. LaCroix

In what is the latest example of the potential cybersecurity-related liability of corporate boards, a shareholder for Wyndham Worldwide Corporation has initiated a derivative lawsuit against certain directors and officers of the company, as well as against... Read More

Assessing U.S. Public Company Cyber Risk Disclosure Practices
Posted on 30 Sep 2013 by Kevin M. LaCroix

It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about... Read More

Top Treasury Official’s Speech Urges Adoption of Cyber Risk Insurance
Posted on 8 Dec 2014 by Kevin M. LaCroix

Officials across a range of federal regulatory agencies have made it clear that promoting cyber security is an increasing priority. A critical part of the federal officials’ message has been the message that cyber security should be a corporate... Read More