Corporate

Recent Posts

Widespread Use of Social Media Creates Additional Risks for Companies
Posted on 23 Oct 2012 by Corporate and Securities Law Community Staff

Network Security Risk: Because of their nature, the use of social media websites increases a company's exposure to cyber threats such as malware and phishing attacks. With many users accessing their social networks from computers in the workplace... Read More

A Critical Question Directors Should Be Asking Company Management About Cyber Risk
Posted on 18 Jun 2013 by Kevin M. LaCroix

Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article , cyber attacks --ranging from malicious software to denial of service attacks... Read More

California Attorney General Beefs Up Privacy Enforcement
Posted on 20 Aug 2012 by David Bender

On July 19, 2012, Kamala D. Harris, the Attorney General of California, announced that she was forming a new group, the Privacy Enforcement and Protection Unit, within the state's Department of Justice. The group includes six prosecutors who specialize... Read More

What Are the Bad Guys Up to Now? Hacking Health-Care Records, Apparently
Posted on 19 Feb 2014 by Kevin M. LaCroix

As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a... Read More

Mitigating Cyber Security Risks with Cyber Insurance in 2012
Posted on 24 May 2012 by Corporate and Securities Law Community Staff

by Vince Crisler The sophistication and capacity of the cyber insurance market has evolved in the last five years. Cyber insurance can fill the insurance gap but mitigating cyber security risks with cyber insurance is not a simple solution. Counsel... Read More

New Cyber Security Disclosure Guidance from the SEC
Posted on 3 Apr 2012 by Corporate and Securities Law Community Staff

by Vince Crisler Recent guidance from the SEC establishes new responsibilities for corporations. Public companies are expected to disclose all cyber security risks and cyber incidents that a reasonable investor would consider important in making... Read More

Lee Zeichner on Presidential Action on Cybersecurity: 2013 Executive Order and Presidential Policy Directive
Posted on 26 Feb 2013 by Lee M. Zeichner

On February 12, 2013, President Obama signed the Executive Order: Improving Critical Infrastructure Cybersecurity designed to strengthen the cybersecurity of critical infrastructure. This Order expands information sharing with critical infrastructure... Read More

Smaller Companies Should Consider Cyber-Liability Insurance
Posted on 25 Apr 2013 by Kevin M. LaCroix

Smaller companies increasingly are the subject of data breaches and those smaller companies "are the number-one target of cyber-espionage attackers," according to a recent study detailed in a April 24, 2013 CFO.com article entitled "Should... Read More

Cybersecurity Disclosure Under Scrutiny
Posted on 6 Nov 2013 by Kevin M. LaCroix

The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face in the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division... Read More

Cyber Security in the Boardroom
Posted on 17 Nov 2011 by The Conference Board

Cyber security, and the importance of management and board engagement on the issue, has been generating a lot of discussion lately. Indeed, the spate of security breaches has made it clear that no organization is immune and that, as a society, we must... Read More

Assessing U.S. Public Company Cyber Risk Disclosure Practices
Posted on 30 Sep 2013 by Kevin M. LaCroix

It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about... Read More

Will Investors Sue Over the Sony Hack Attack?
Posted on 7 Jan 2015 by Kevin M. LaCroix

As I noted in my recent rundown of the top D&O stories of 2014, one of the most important developments during the year just finished was the emergence of cyber security as a D&O liability concern. During 2014, plaintiff shareholders launched cyber... Read More

Data Breach-Related Derivative Lawsuit Filed against Home Depot Directors and Officers
Posted on 10 Sep 2015 by Kevin M. LaCroix

In early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. ( here ) and Wyndham Worldwide ( here ), there was some speculation that these cases might be the first of what could become a wave of... Read More

Assessing U.S. Public Company Cyber Risk Disclosure Practices-X
Posted on 30 Sep 2013 by Doug Esten

It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about... Read More