Protecting Your Company from Cybersecurity Litigation

Increased connectivity across all industries has greatly increased the potential for data breaches. Post data breach consumer lawsuits, typically asserting breach of contract or negligence theories, are on the increase. Shareholder lawsuits, which often assert claims for breach of fiduciary duty due to lack of adequate data security measures, are seeing some success, and investigations by government agencies are now common.

Cybersecurity involves evaluating legal risks for all aspects of the company’s business – a duty codified in many states. Data storage should be “layered like an onion” so that hackers don’t stumble onto a company’s most sensitive data as soon as they gain access.

Each additional employee with access to sensitive data is another potential risk. To mitigate risk, an easy-to-use system for contacting IT and raising red flags should be implemented and communicated to all. One recommended practice: Instruct your IT department to send disguised phishing emails with links or attachments and see who reports them – or better yet who attempts to access the potentially harmful links. Review all external agreements to ensure that third-party vendors are adequately addressing the cybersecurity issue.

The cybersecurity threats facing companies are rapidly evolving. To stay one step ahead of the hackers, it’s important to work directly with your IT professionals and third-party vendors. By maintaining clear and effective policies and procedures, general counsel can greatly improve their security framework and reduce the risk of litigation in the event of a data breach.