LexisNexis® Legal Newsroom
Cyber Security in the Boardroom

Cyber security, and the importance of management and board engagement on the issue, has been generating a lot of discussion lately. Indeed, the spate of security breaches has made it clear that no organization is immune and that, as a society, we must develop a level of tolerance for the fact that...

New Cyber Security Disclosure Guidance from the SEC

by Vince Crisler Recent guidance from the SEC establishes new responsibilities for corporations. Public companies are expected to disclose all cyber security risks and cyber incidents that a reasonable investor would consider important in making an investment decision or if the information would...

Mitigating Cyber Security Risks with Cyber Insurance in 2012

by Vince Crisler The sophistication and capacity of the cyber insurance market has evolved in the last five years. Cyber insurance can fill the insurance gap but mitigating cyber security risks with cyber insurance is not a simple solution. Counsel should revisit cyber insurance with directors and...

California Attorney General Beefs Up Privacy Enforcement

On July 19, 2012, Kamala D. Harris, the Attorney General of California, announced that she was forming a new group, the Privacy Enforcement and Protection Unit, within the state's Department of Justice. The group includes six prosecutors who specialize in privacy, and its mandate is to protect consumer...

Widespread Use of Social Media Creates Additional Risks for Companies

Network Security Risk: Because of their nature, the use of social media websites increases a company's exposure to cyber threats such as malware and phishing attacks. With many users accessing their social networks from computers in the workplace, often these issues are simply caused by an...

Lee Zeichner on Presidential Action on Cybersecurity: 2013 Executive Order and Presidential Policy Directive

On February 12, 2013, President Obama signed the Executive Order: Improving Critical Infrastructure Cybersecurity designed to strengthen the cybersecurity of critical infrastructure. This Order expands information sharing with critical infrastructure owners and operators and establishes a process...

Smaller Companies Should Consider Cyber-Liability Insurance

Smaller companies increasingly are the subject of data breaches and those smaller companies "are the number-one target of cyber-espionage attackers," according to a recent study detailed in a April 24, 2013 CFO.com article entitled "Should You Consider Cyber Insurance?" ( here...

A Critical Question Directors Should Be Asking Company Management About Cyber Risk

Cyber security and related privacy issues increasingly dominate the headlines. And for good reason: according to statistics cited in a recent Wall Street Journal article , cyber attacks --ranging from malicious software to denial of service attacks - increased 42% in 2012. The trend has only accelerated...

Assessing U.S. Public Company Cyber Risk Disclosure Practices

It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a...

Cybersecurity Disclosure Under Scrutiny

The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face in the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s...

What Are the Bad Guys Up to Now? Hacking Health-Care Records, Apparently

As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a February 18, 2014 Wall Street Journal report entitled...

Will Investors Sue Over the Sony Hack Attack?

As I noted in my recent rundown of the top D&O stories of 2014, one of the most important developments during the year just finished was the emergence of cyber security as a D&O liability concern. During 2014, plaintiff shareholders launched cyber breach-related derivative lawsuits against the...

Data Breach-Related Derivative Lawsuit Filed against Home Depot Directors and Officers

In early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. ( here ) and Wyndham Worldwide ( here ), there was some speculation that these cases might be the first of what could become a wave of data-breach related D&O lawsuits. But then the...