To read this content please select one of the options below:

Unlike chess, everyone must continue playing after a cyber-attack

Michael Clark (Special Counsel, based at Duane Morris LLP, Houston, Texas, USA)
Charles E. Harrell (Partner, based at Duane Morris LLP, Houston, Texas, USA)

Journal of Investment Compliance

ISSN: 1528-5812

Article publication date: 25 November 2013

1466

Abstract

Purpose

This paper aims to familiarize readers about the nature and extent of the risks that listed companies and their boards of directors face by not addressing their attention to insuring the cyber-security of their operations and not disclosing cyber-episodes and their impact on operations as suggested by the SEC's Division of Corporate Finance.

Design/methodology/approach

This article provides an overview of recent developments that led the SEC's Division of Corporate Finance to issue a non-binding guidance on cyber-security, along with an analysis of the importance of cyber-security in today's marketplace, those business sectors that already must comply with statutory and regulatory duties to safeguard private information, the applicable duties of directors under Delaware law, and an overview of the enforcement activities against companies that have experienced data breaches, as well as a discussion of private class actions that have sought damages claimed to have resulted from the negligence of companies and their boards to fulfill their duties to protect such information from being stolen due to inadequate systems and protective measures.

Findings

The SEC Division of Corporate Finance's voluntary disclosure guidance concerning cyber-security offers various, non-binding reasons for listed companies to report about cyber-events that may be material to a business operation or profitability. Listed companies and their boards face enforcement and private litigation risks in the event of a cyber-incident because of the heightened interest in cyber-security, the considerable costs likely incurred as a result of a cyber-event, and the duties they owe to exercise appropriate oversight in the face of known risks.

Originality/value

The paper provides practical explanation of developing issues by experienced corporate and litigation lawyers.

Keywords

Citation

Clark, M. and E. Harrell, C. (2013), "Unlike chess, everyone must continue playing after a cyber-attack", Journal of Investment Compliance, Vol. 14 No. 4, pp. 5-12. https://doi.org/10.1108/JOIC-10-2013-0034

Publisher

:

Emerald Group Publishing Limited

Copyright © 2013, Emerald Group Publishing Limited

Related articles