Cyber security, and the importance of management and
board engagement on the issue, has been generating a lot of discussion lately.
Indeed, the spate of security breaches has made it clear that no organization
is immune and that, as a society, we must develop a level of tolerance for the
by Vince Crisler
Recent guidance from the SEC
establishes new responsibilities for corporations. Public companies are
expected to disclose all cyber security risks and cyber incidents that a
reasonable investor would consider important in making an investment decision
or if the information would...
by Vince Crisler
The sophistication and capacity
of the cyber insurance market has evolved in the last five years. Cyber
insurance can fill the insurance gap but mitigating cyber security risks with
cyber insurance is not a simple solution. Counsel should revisit cyber
insurance with directors and...
On July 19, 2012, Kamala D.
Harris, the Attorney General of California, announced that she was forming a
new group, the Privacy Enforcement and Protection Unit, within the state's
Department of Justice. The group includes six prosecutors who specialize in
privacy, and its mandate is to protect consumer...
Network Security Risk:
Because of their nature, the use of social media websites
increases a company's exposure to cyber threats such as malware and phishing
attacks. With many users accessing their social networks from computers in the
workplace, often these issues are simply caused by an...
On February 12, 2013, President
Obama signed the Executive Order: Improving Critical Infrastructure
Cybersecurity designed to strengthen the cybersecurity of critical
infrastructure. This Order expands information sharing with critical
infrastructure owners and operators and establishes a process...
Smaller companies increasingly are the subject of data
breaches and those smaller companies "are the number-one target of
cyber-espionage attackers," according to a recent study detailed in a April 24,
2013 CFO.com article entitled "Should You Consider Cyber Insurance?" ( here...
Cyber security and related privacy issues increasingly
dominate the headlines. And for good reason: according to statistics cited in a
Wall Street Journal article , cyber attacks --ranging from
malicious software to denial of service attacks - increased 42% in 2012. The
trend has only accelerated...
It has been nearly two years since the SEC Division of Corporate Finance issued its Disclosure Guidance on cybersecurity risks. During this period reporting companies have had the opportunity to incorporate disclosures in their reporting documents about the cybersecurity risks they face. To develop a...
The threat of a cybersecurity breach is unfortunately one of the ongoing business risks companies face in the current operating environment. For that reason, corporate disclosures of cyber-breach related risks have been a priority of the SEC’s Division of Corporate Finance as well as the agency’s...
As if it were not bad enough that hackers are attacking retail businesses like Target and Neiman Marcus to obtain consumer credit card information, it turns out that the bad guys are also targeting health-care records. According to sources cited in a February 18, 2014 Wall Street Journal report entitled...
As I noted in my recent rundown of the top D&O stories of 2014, one of the most important developments during the year just finished was the emergence of cyber security as a D&O liability concern. During 2014, plaintiff shareholders launched cyber breach-related derivative lawsuits against the...
In early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. ( here ) and Wyndham Worldwide ( here ), there was some speculation that these cases might be the first of what could become a wave of data-breach related D&O lawsuits. But then the...