Feb. 13, 2019

Reducing Risk in the Dawn of Equifax and Other Cyber-Related Securities Fraud Class Actions

Public companies face a variety of legal challenges following major cyber events. These challenges increasingly include federal securities class actions, which can expose public companies that experience cyber events to very significant claims for damages from plaintiff shareholders. The recent securities fraud class actions brought against Yahoo!, PayPal, Chegg and Marriott and, in particular, the January 28, 2019, decision in In re Equifax Securities Litigation, which allowed most of the plaintiffs’ claims to survive a motion to dismiss, are evidence these cases are on the rise. In this guest article, Davis Polk attorneys discuss recent securities fraud class actions and steps that companies can take to (1) reduce the risk of such cases being filed, (2) increase the possibility of early dismissal of such actions, and (3) mitigate the potential scope of damages and costs associated with defending and resolving them. See “Defense and Plaintiff Perspectives on How to Survive Data Privacy Collateral Litigation” (Mar. 8, 2017).

Practical Ways to Incorporate Security Protection Into Supplier Agreements

Supplier agreements should be up-to-date, sufficiently protective of data and broad enough to cover changes in practices or technology. It is a perennial challenge for companies to meet those expectations while, at the same time, avoid using imposing language in the contract that will make a supplier walk away from a deal. At a recent Strafford presentation, Foley & Lardner partner Matthew Karlyn offered suggestions on how corporate customers can strengthen supplier arrangements, including tips for due diligence as well as terms to include or scrutinize. The Cybersecurity Law Report covers key takeaways from the presentation. See “How to Maintain Effective and Secure Long-Term Vendor Relationships: Understanding the Risks (Part One of Two)” (Jun. 20, 2018); Part Two (Jun. 27, 2018).  

FINRA Report Addresses Common Cybersecurity Risks and Recommends Mitigation Measures

The financial sector has been a leader in the development of cybersecurity programs, but can still benefit from continued guidance as threats increase and shift. Through its work with a large number of firms, FINRA has identified specific areas of improvement for financial companies’ cybersecurity programs. Its recently published 2018 Report on Selected Cybersecurity Practices focuses on branch offices, phishing attacks, insider threats, penetration-testing programs and mobile device controls. The report drew on the most frequently cited cybersecurity findings in its examination program, Covington partner Micaela McMurrough told the Cybersecurity Law Report, and as a result, “many of the risks discussed in the report, and the practices implemented to address them, reflect trends across examined entities.” See also “FINRA Emphasizes the Importance of Proper Electronic Record Storage in Enforcement Actions” (Jan. 25, 2017); and “FINRA Lays Out Cyber Expectations in Action Against Broker-Dealer” (Dec. 14, 2016).

Nelson Mullins Gains Cybersecurity Partner in Atlanta

Tori Silas has joined Nelson Mullins in Atlanta as a partner on the firm’s venture capital and technology team. She joins from Cox Enterprises, where she served as its first privacy officer. For more insight from Silas, see “Privacy Leaders Share Key Considerations for Incorporating a Privacy Policy in the Corporate Culture” (Oct. 19, 2016).