As we’ve previously reported, cyber risks are an increasingly common risk facing businesses of all kinds.  In a recent speech given at the New York Stock Exchange, SEC Commissioner Luis A. Aguilar emphasized that cybersecurity has grown to be a “top concern” of businesses and regulators alike and admonished companies, and more specifically their directors, to “take seriously their obligation to make sure that companies are appropriately addressing those risks.”

Commissioner Aguilar, in the speech delivered as part of the Cyber Risks and the Boardroom Conference hosted by the New York Stock Exchange’s Governance Services department on June 10, 2014, emphasized the responsibility of corporate directors to consider and address the risk of cyber-attacks.  The commissioner focused heavily on the obligation of companies to implement cybersecurity measures to prevent attacks.  He lauded companies for establishing board committees dedicated to risk management, noting that since 2008, the number of corporations with board-level risk committees responsible for security and privacy risks had increased from 8% to 48%.  Commissioner Aguilar nevertheless lamented what he referred to as the “gap” between the magnitude of cyber-risk exposure faced by companies today and the steps companies are currently taking to address those risks.  The commissioner referred companies to a federal framework for improving cybersecurity published earlier this year by the National Institute of Standards and Technology, which he noted may become a “baseline of best practices” to be used for legal, regulatory, or insurance purposes in assessing a company’s approach to cybersecurity.

Cyber-attack prevention is only half the battle, however.  Commissioner Aguilar cautioned that, despite their efforts to prevent a cyber-attack, companies must prepare “for the inevitable cyber-attack and the resulting fallout.”  An important part of any company’s cyber-risk management strategy is ensuring the company has adequate insurance coverage to respond to the costs of such an attack, including litigation and business disruption costs.

The insurance industry has responded to the increasing threat of cyber-attacks, such as data breaches, by issuing specific cyber insurance policies, while attempting to exclude coverage of these risks from their standard CGL policies.  Commissioner Aguilar observed that the U.S. Department of Commerce has suggested that companies include cyber insurance as part of their cyber-risk management plan, but that many companies still choose to forego this coverage.  While businesses without cyber insurance may have coverage under existing policies, insurers have relentlessly fought to cabin their responsibility for claims arising out of cyber-attacks.  Additionally, Commissioner Aguilar’s speech emphasizes that cyber-risk management is a board-level obligation, which may subject directors and officers of companies to the threat of litigation after a cyber-attack, underscoring the importance of adequate D&O coverage.

The Commissioner’s speech offers yet another reminder that companies should seek professional advice in determining whether they are adequately covered for losses and D&O liability arising out of a cyber-attack, both in prospectively evaluating insurance needs and in reacting to a cyber-attack when the risk materializes.

Read Commissioner Aguilar’s full speech here.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Shawn S. Ledingham Jr. Shawn S. Ledingham Jr.

Shawn Ledingham is a litigator in the firm’s Trials practice, successful in obtaining early victories through motion practice and defending client interests at trial. He has represented over thirty Fortune 500 companies and subsidiaries in litigation, as well as many other businesses, sports…

Shawn Ledingham is a litigator in the firm’s Trials practice, successful in obtaining early victories through motion practice and defending client interests at trial. He has represented over thirty Fortune 500 companies and subsidiaries in litigation, as well as many other businesses, sports leagues, law firms, and public entities.

Shawn is a member of the firm’s Sports Law Group and has a deep understanding of the legal framework of today’s sports industry. Shawn has represented and counseled a wide range of sports leagues and teams, including Major League Baseball, Major League Soccer, the National Basketball Association, the Women’s National Basketball Association, the National Football League, the World Surf League, the Pac-12 Conference, the Big East Conference, the Drone Racing League, and Oracle Team USA.

Shawn also has substantial experience in toxic tort, product liability, and environmental litigation. A member of the firm’s Mass Torts & Product Liability Group, Shawn defends clients in cases of alleged environmental contamination, product design or manufacturing defects, and improper or inadequate labeling.

Shawn is actively involved in promoting justice in his community and is a member of Proskauer’s Pro Bono Committee. Shawn works with the Los Angeles County Bar Association’s Counsel for Justice as a board member, helping serve the unmet legal needs of Los Angeles’s most vulnerable.