Vulnerability management has raised cost and risk issues not just for the CISO and CIO but also the general counsel, other C-suite members and the board. In this first installment of a three-part guest article series, Alston & Bird attorneys discuss recent legal actions focused on a company’s vulnerability management program, with the potential for significant fines and penalties, and offer practical takeaways to help legal and risk professionals shore up their administrative controls and aid security. Part two will take a deeper dive into the risks of third-party scanning tools and the ways in which they may be used by unauthorized or unsolicited third parties to identify vulnerabilities. Part three will provide questions and a glossary that legal teams can use to gain a better understanding of the technical challenges facing their organization. See also “Using Red-Teaming to Test and Improve Cyber Defenses” (Sep. 11, 2019).