Will Home Depot be the one to "get it"?

Home Depot Data Breach Shareholder Derivative Suit Against Directors Fails

Officers and directors of companies that have had data breaches have become targets of litigation through shareholder derivative claims since the consumer class-action claims have had a difficult time making it past the causation of harm threshold. Those officers and directors may now sigh in relief, if only briefly, following a November 30, 2016, ruling by the District Court in the Home Depot Shareholder Derivative Litigation dismissing the shareholders’ claims against the officers and directors. (Court’s Order)

SecureWorld Presentation: Cybersecurity Legal Issues: What You Really Need to Know

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What You Really Need to Know at SecureWorld Expo Dallas on September 27, 2016. The following are the slides from Tuma’s presentation.

Download: Cybersecurity Incident Checklist

Cybersecurity Legal Issues: What you really need to know (slides)

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016, at the George Bush Institute. The following are the slides from Tuma’s presentation — a video of the presentation will be posted soon!

3 Key Points the Board Needs to Know About Cybersecurity

Officer and director liability for cybersecurity incidents is a hot topic. It will only get hotter because, when it comes to risks impacting the company, the buck stops at the Board of Directors. As it should.

Cybersecurity and corporate governance law are converging to develop a duty for the Board to be involved in cybersecurity issues that affect the company. (related posts) The question, however, is how granular the Board’s role should be when it comes to cybersecurity.

Managing Cybersecurity Risks for Boards of Directors

Ethical Boardroom, Winter 2016

In his latest Ethical Boardroom article, Shawn Tuma explains why it is important for board members to have an active role in their company’s cybersecurity preparation and tells them several key steps they can take to do so. Tuma also explains why cybersecurity is as much a legal issue and business issue as it is an IT issue.

Cybersecurity Legal Year in Review – #DtSR Podcast

Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast.

In this episode…

  • Most important cybersecurity-related legal developments of 2015
    • Tectonic Shift that occurred with “standing” in consumer data breach claims
      • Discussion of law prior to Neiman Marcus case, and post-Neiman Marcus
      • Does this now apply to all consumer data breach cases?
      • Immediate impact? Companies now liable?
      • Lesson is in seeing the trend and how incrementalism works
      • Michaels & SuperValu case dismissals in light of Neiman Marcus
  • Regulatory Trends
    • FTC & SEC gave hints in 2014, post-emergence of Target details
    • Wyndham challenged authority – came to fruition in August 2015
    • SEC not far behind – significant case in September 2015
    • Aggressiveness of FTC is substantial – FTC v. LabMD … all over LimeWire
  • Officer & Director Liability
    • 2014 – SEC Comm. fired the warning shot … pointed the finger
    • Shareholder derivative litigation
    • Individual liability of IT / Compliance / Privacy “officers”
  • Anticipated 2016 Legal Trends
    • Regulatory enforcement … which, by the way, is why NIST is becoming default
    • Shareholder Derivative – much more likely than consumer class actions at this time
    • Lessons from both of these: when you need to persuade the “money folks” that they need to act, mention D&O Liability (especially Caremark) and Regulatory focus on individuals … now they’re in the cross-hairs
    • Realization that cybersecurity is more of a legal issue than anything else (IT or business) b/c it is the legal requirements and consequences that ultimately drive everything

Go HERE to listen to the Podcast!

Will Officers & Directors Be Held Legally Responsible for Companies’ Data Breaches and Cybersecurity Incidents?

Cybersecurity Risk: Law and Trends – Ethical Boardroom Article

The law is trending toward more risk of liability for Officers and Directors. Learn more about this from my recent article in Ethical Boardroom — full text available without paywall here: Cybersecurity Risk: Law and Trends.

Bleak Cybersecurity Future: Data Breaches on Track to Cost Companies $2.1 Trillion

I recently posted about how corporate general counsel now view cybersecurity as a top 3 concern. At this rate, it will soon be their #1 concern. A recent article in Corporate Counsel gives several reasons why this problem will only continue to increase in volume, expense, and overall risk to companies:

  1. Companies continue to move more infrastructure online
  2. The annual cost of data breaches is projected to rise to $2.1 trillion by 2019
  3. Cybercriminals are more often hacking for profit instead of for “causes” as with hacktivism
  4. Nearly 60 percent of data breaches in 2015 are anticipated to be in North America
  5. The average cost of a data breach is projected to exceed $150 million by 2020
  6. Companies are developing quantum computers with so much power they will render ineffective all currently known defenses

Not only should corporate general counsel be concerned about cybersecurity, but so too should companies’ officers and directors because there is a growing trend toward liability for them as well.

Read more: Data Breaches on Track to Cost Companies $2.1 Trillion | Corporate Counsel.