Cybersecurity Post-Sony: Risks, Responses, and Disclosures
Recent data breaches against Target and Wyndham Worldwide have led to the filing of shareholder derivative suits against directors and officers of the corporations. The Securities and Exchange Commission warned brokerage and advisory firms of the risk of cybersecurity attacks and addressed the roles and responsibilities of boards of directors and officers of corporations in cyber risk oversight and management. Until the attack upon Sony Pictures Entertainment, corporate networks and board portals were not given the security warranted by the information they contain and transmit.
As such, business lawyers are assessing a new paradigm in client cybersecurity risk assessments, responses, and disclosures. Board portal security will comprise one aspect of the cybersecurity assessment. Based upon fiduciary duty and gross negligence, shareholder plaintiffs will likely continue to use derivative actions to increase the accountability of executives and boards of directors for cybersecurity breaches.
Boards and executives will need to consider data retention policies, risk mitigation, IT resource allocations, data breach insurance, and the cybersecurity policies, procedures, and controls that will best protect the company, executives, and board members. Companies will need to provide timely, accurate, and complete disclosure of cybersecurity issues to avoid the risk of litigation, loss of credibility, and ruination. Legal counsel will need to help board members, executives, and committees understand their duties and responsibilities to shareholders and under the law.
Key Topics include:
- Sony Pictures Entertainment Portal Breach
- Boards of Directors and Officers Cybersecurity Obligations
- Shareholder Derivative Suits: Consequences
- Cybersecurity Breach Disclosure
- Board and Officer Education
- Regulatory and Litigation Risks
- Best Practices for BOD and Officer Portal Security
Jai Dargan, Product Manager
- Threat landscape is changing – advanced persistent threats
- Perimeter security is no longer sufficient in a world of insider threats
- Enterprise collaboration systems are a part of the story, and securing users, the platform, content and activity is essential to this
- Existing technologies are not up to the task of mitigating data loss and deploying data loss prevention strategies in the vast majority of enterprises
- Metalogix offers a number of solutions to help mitigate data breaches / data loss.
John P. Gelinne, Captain, US Navy (Ret.), Director, Cyber Risk Services
Deloitte & Touche LLP
Cyber Risk Appetite: Anticipating the wider business impact of a cyber breach
As corporate and government data breaches become more commonplace, executives increasingly brace for some kind of monetary costs. But some cyber incidents aim to disrupt operations and undermine an organization’s strategic advantage, potentially causing far greater long-term damage. The presenter will discuss:
- The rippling effects and fuller range of cost factors associated with data breaches and disruptive attacks, beyond the initial stages.
- How a realistic scope of potential damage can influence cyber risk tolerance and shape the direction and investment in cyber risk programs.
- Actions to improve preparedness and minimize direct costs and other forms of damage.
- Dive deeper into the longer term, and often undisclosed, effects of cyber attacks.
Steven D. Cantarutti, Attorney
- General trends in 2015 for data breaches and associated costs
- Potential first and third party exposures following data breaches
- Latest developments on federal and state breach notification laws, class action litigation, and enforcement actions by FTC and SEC
- Coverage issues involving cyber-related claims, including significant decisions on “traditional” policies and the emerging market of cyber coverage
Bruce Raymond, Principal
Raymond Law Group LLC
- The Business Case for Privacy Spend – Competitive Advantage
- Board of Directors’ and Officer Liability in Post-Sony Era
- The Emerging Standard(s) of Care: NIST, ISO 2700, WG11, ISACA, etc.
Ryder Gilliland, Partner
Blake, Cassels & Graydon LLP
- Components of an integrated team response to a data breach: A data breach response requires tactful consideration and application of a wide spectrum of legal areas. But legal expertise alone will not suffice. Forensic investigation and public relations teams are essential.
- The elements of a cyber-breach response plan.
- An overview of the Canadian legal landscape.
Who Should Attend:
- Business Directors
- Business Officers
- Chief Executives
- Chief Financial Officers
- Security Managers
- Risk Managers
- Cyber Security Specialists
- Security Lawyers
- Corporate Counsel
- Other Interested Professionals
Jai Dargan is a Product Manager at Metalogix, where he directs the strategy for Metalogix’s security and compliance solutions. In this capacity, Jai guides the direction of Metalogix products aimed at securing content collaboration, including ControlPoint, Sensitive Content Manager, and Insider Threat Index. Prior to Metalogix, Jai was a co-founder at Pim Labs, LLC, a startup company (acquired by Metalogix) that built solutions for securing social networks and sensitive content. He holds a master's degree from Georgetown University and an undergraduate degree from New York University. You can follow his musings @jai_dargan.
Ryder practices complex litigation and dispute resolution encompassing corporate-commercial disputes. He has extensive courtroom experience, having appeared at every level of court in Ontario, as well as the Court of Queen's Bench in New Brunswick, the Supreme Court of Canada, the Federal Court of Canada, and the Federal Court of Appeal. Ryder specializes in laws relating to communications such as access to information, privacy and defamation. He has appeared as counsel in some of the leading access to information cases before the Supreme Court of Canada and speaks regularly on issues relating to privacy and access to information.
Steve is an Associate at Coughlin Duffy where his practice focuses on insurance and reinsurance coverage disputes.
He has represented a wide array of domestic and foreign insurers in state and federal courts pending at the trial and appellate level. Steve has particular experience in advising and representing insurers facing complex and high exposure claims, including those involving cyber risk or data breaches, products liability, toxic torts, property damage, pollution, professional liability, malpractice, bad faith, additional insured status, contribution and subrogation. Steve also has experience representing insurers’ interest in bankruptcy proceedings involving toxic tort claims.
Prior to joining Coughlin Duffy, Steve was a litigation associate for the law firm of Hardin, Kundla, McKeon, Poletto & Polifroni, P.A., where he focused his practice on coverage disputes, insurance defense, and professional liability. In 2004, he joined the law firm of Smith Stratton Wise Heher & Brennan, LLP, where he worked on matters involving insurance and reinsurance coverage disputes, commercial litigation, civil litigation defense, and insurance fraud.
Method of Presentation:
NASBA Field of Study: Specialized Knowledge and Applications
NY Category of CLE Credit:
Metalogix is the premier provider of management software to move, manage and secure content for Office 365, SharePoint, OneDrive for Business, Exchange, Box, Dropbox, Amazon, Google and other leading enterprise content management (ECM) systems in the Cloud, On-premise and Hybrid environments.
Over 20,000 clients rely on Metalogix and the industry’s highest rated LIVE 24x7 support to enhance the use, performance and security of content collaboration in the cloud, on-premises and in hybrid environments.
Metalogix is a Microsoft Gold Partner, an EMC Select Partner, and a GSA provider.
About Blake, Cassels & Graydon LLP
As one of Canada’s top business law firms, Blake, Cassels & Graydon LLP (Blakes) provides exceptional legal services to leading businesses in Canada and around the world.
Blakes was ranked as having the leading law firm brand in Acritas’ Canadian Law Firm Index 2014, which measures law firm brands most favoured by top companies in Canada and internationally. The firm was also the only Canadian firm to be named “Canada Law Firm of the Year” for six consecutive years in the Who’s Who Legal Awards 2014 and “Law Firm of the Year: Canada” for the fourth time in the Chambers Global Awards 2013.
About Coughlin Duffy
Founded in March 2004 by a group of partners who had practiced together for many years at another major law firm, Coughlin Duffy LLP is a diverse, full-service firm committed to providing legal services of exceptional quality and superior value.
We serve regional, national, and international clients, bringing to each matter the energy, experience, and imagination of a talented group of lawyers and staff dedicated to obtaining optimal results and to fulfilling the highest standards of the profession. We are a growing, hardworking, and vibrant firm whose bottom-line consideration is client satisfaction, which we achieve in a collegial atmosphere.
Coughlin Duffy LLP offers a wide range of legal services, including all types of litigation, on behalf of corporate, institutional, governmental, and individual clients. Our attorneys regularly appear in state and federal courts at both the trial and appellate levels, as well as at arbitrations and administrative proceedings. In addition, the firm provides a comprehensive array of commercial and transactional services.