Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Data Breach-Related D&O Litigation Continues to Emerge

Data Breach-Related D&O Litigation Continues to EmergeThe impact from data breaches has entered the corporate boardroom, as we first discussed in the wake of high-profile cases Target and Wyndham Worldwide in which plaintiffs initiated data breach-related derivative lawsuits against their respective boards. When the Wyndham case was dismissed, however, many felt that perhaps directors and officers were spared, but a year later Home Depot was hit with a data breach-related shareholder’s derivative lawsuit, once again shining the light on this emerging risk.

The complaint in the Home Depot lawsuit is against the company itself, as nominal defendant, and twelve Home Depot directors and officers, alleging that the defendants breached “their fiduciary duties of loyalty, good faith, and due care by knowingly and in conscious disregard of their duties failing to ensure that Home Depot took reasonable measures to protect its customers’ personal and financial information.” One aspect of the Home Depot complaint of particular interest is in the plaintiff’s allegations. The plaintiff contends that prior breaches at Target and Neiman Marcus provided fair warning that Home Depot could expect much of the same. The suggestion, according to author Kevin LaCroix of The D&O Diary, is that “as more organizations are hit with data breaches, the expectation that boards and company management should act will rise, and the alleged failure to act in response to the drumbeat of revelations about data breaches itself could be the basis of claims against company officials.”

It only stands to reason that since data breaches will continue to occur, the potential for data breach-related D&O litigation is real, and could become an increasingly important part of the corporate and securities litigation landscape. In addition to potential lawsuits, the cost of cyber breaches also reflects on a board’s fiduciary responsibility to preserve corporate financial value. Moreover, the impact cyber security matters can have on brand value increases the pressure on boards as well. According to Forrester Research, “at least 88% of the S&P’s market value consists of goodwill and intangible assets, such as reputation, brand, innovation, processes, know-how, and customer experience.”

Minimize Cyber Risks, Lawsuits

Some takeaways for companies and measures to minimize the risk of a cyber attack and the potential for a D&O suit related to a data breach include:

  • Regularly discuss and document steps taken to secure confidential data.
  • Appoint someone or a committee with oversight of data security and grant them the authority, within reason, to act to protect confidential information and document such actions.
  • Conduct a periodic risk assessment by a source outside the business.
  • Document steps taken to remedy reported deficiencies by outside consultants or if remedies are not undertaken, the reasons for such inaction.
  • Designate a team to deal with any data security breaches after they are discovered.  In larger businesses, that may include multiple departments such as legal, public relations, administration, and executive.

In addition, the company’s IT department should:

  • Advise executives and the board of what data the business is collecting and where it is stored, assuming the executives and the board are not asking those questions.
  • Implement encryption methods for confidential data, if possible.
  • Create firewalls or separately store confidential data from other business systems.
  • Password-protect confidential data systems and limit access to them to a select few.
  • Immediately notify executives and the board of any suspected data breach.
  • Determine, in advance, whom to contact to conduct a forensic data review in the event of a cyber security breach.

Make sure your insurance program includes robust Directors & Officers Liability and Cyber Liability policies to respond in the event of a breach and subsequent lawsuits. Axis Insurance Services, specialists in management liability and cyber insurance, is available to discuss both policies with you, the coverages involved, and how each is designed to respond. Call us at (877) 787-5258.

Comments

comments

Blogged on: March 29, 2016 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions