No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

C-Level Executives May Be Liable For Cyber Breaches

by Corporate Compliance Insights
November 7, 2016
in GRC Vendor News
C-Level Executives May Be Liable For Cyber Breaches

Complacency puts them at legal and professional risk, LeClairRyan attorney Christopher Wiech says in recent blog post

ATLANTA, Ga. (November 7, 2016) — When cyber criminals attack retailers and other businesses – potentially placing the data of millions of people at risk – C-level executives like CEOs and CIOs may lose their jobs and could be exposed to crippling lawsuits, warns Christopher A. Wiech, a partner in national law firm LeClairRyan’s Atlanta office.

There may be a lack of understanding and communication across the C-Suite when it comes to cybersecurity practices, says Wiech, a member of LeClairRyan’s Privacy and Data Security Practice who explores these issues in a recent blog, The C-Suite’s Perspective on Cybersecurity and Liability. His post appears in the firm’s Information Counts blog, which focuses on privacy, data security, information technology, e-commerce and other digital issues.

A good defensive plan begins with an understanding of how your organization gathers, stores, accesses and utilizes its data, Wiech notes. “Also be aware of any government regulations that apply, as well as industry or other standards that address data gathering, storage, protection and use, like PCI (Payment Card Industry) data compliance standards,” he advises. “You need to be diligent, because your actions will be closely scrutinized in the event of a hack or other data breach.”

The first notable case against the C-suite following a data incident was In re Heartland Payment Systems, Inc. Securities Litigation, where the plaintiffs alleged that the C-Suite concealed a cyber attack. “The court dismissed the lawsuit, recognizing that ‘the fact that a company faces certain security problems does not of itself suggest that the company does not value data security,'” relates Wiech. “Central to the court’s analysis in Heartland were the actions taken by the CEO and CFO before and after the data incident.”

Despite that, a recent IBM cybersecurity survey of more than 700 C-Suite executives across 18 industries and 28 countries found that although 94 percent believe that their company will “experience a cybersecurity incident” in the next two years, only 65 percent said they were confident about their company’s cybersecurity plans. Also troubling: 60 percent of the Chief Financial, HR and Marketing Officers surveyed said they are the “least involved” in cybersecurity measures, even though they are the individuals responsible for data most coveted by cyber criminals.

Part of the challenge is the lack of a “bright line” data security standard, putting executives on notice of exactly what their organizations should be doing when it comes to cybersecurity, according to Wiech. “There is no generalized standard for data security; it is a question of business judgment,” he explains. “A court or jury will generally consider whether or not the executive made an informed, diligent decision on behalf of, and in the best interests of, the company and its shareholders – the Business Judgment Rule – but those decisions are made on a case-by-case basis.”

Even though C-Suite executives are protected by the business judgment rule, “plaintiffs have not been deterred in their attempts to hold directors and officers personally liable for the fallout from massive data incidents,” he cautions. “But CEOs, CIOs and other top executives can take some steps to increase their company’s cybersecurity, while potentially creating a stronger defense in case of a lawsuit.”

The CEO, CIO and other top executives should meet on a regular basis, and may consider working with the Board of Directors to create a cybersecurity committee, he advises. “Your cybersecurity committee should include representatives from marketing, IT and other technical specialists, as well as internal and external legal advisors,” Wiech says. “The committee could address issues like the ways you are protecting your digital and other assets, while considering who has access to your data, and what your legal and other responsibilities are and to whom they’re owed. Also, consider third-party vendors and others who handle your data, and what their security procedures are. Finally, do you have processes in place if a data breach does occur? You need to plan for it before something happens.”

A C-suite cybersecurity strategy should also be balanced, he notes.

“A company can build a vault around its data that may be nearly impossible to penetrate, but then you may be unable to use it in a real-time manner, negating or minimizing the business value of the data,” warns Wiech. “Cybersecurity is no longer just an IT issue, nor is it defensible to be naïve about cybersecurity. A diligent C-Suite and boardroom should be cognizant of their company’s cybersecurity risks, routinely discuss those risks, and rely on and follow the advice of experts to mitigate those risks.”

The full column is available at http://informationcounts.com/the-c-suites-perspective-on-cybersecurity-and-liability.

About LeClairRyan

As a trusted advisor, LeClairRyan provides business counsel and client representation in corporate law and litigation. In this role, the firm applies its knowledge, insight and skill to help clients achieve their business objectives while managing and minimizing their legal risks, difficulties and expenses. With offices in California, Connecticut, Delaware, Georgia, Maryland, Massachusetts, Michigan, Nevada, New Jersey, New York, Pennsylvania, Rhode Island, Texas, Virginia and Washington, D.C., the firm has approximately 380 attorneys representing a wide variety of clients throughout the nation.  For more information about LeClairRyan, visit www.leclairryan.com.


Previous Post

What Do Compliance Directors Need to Know to Sleep at Night?

Next Post

Shareholder Activism

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

Next Post
The benefit of replacing a board-centric governance model

Shareholder Activism

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT