The Great Recession of 2007-2009 caused a precipitous drop in litigation, and legal spend for litigation dropped as well. That is about to change, as parties discouraged by lack of government protection against hackers turn to courts for redress in the face of cyber attacks and data breaches.
Forty-seven states have breach notification or other cybersecurity law, and in particular there are numerous safeguards governing the life sciences and financial services industries.
Given increasing reliance on digital assets and the advancing sophistication of cyber attacks, it is only a matter of time before a court permits a shareholder derivative action against corporate directors stemming from a data breach.
Federal privacy law does not preempt state laws that are stricter than the federal provisions. As breaches of health information increase, expect more state litigation alleging failures to meet standards of care with regard to state statutory or common law.
FINRA, following a period of quiescence, has awakened to the realities of potential damage cyber attackers can wreak on broker-dealer funds. Late last year, a settlement of $650,000 in a proceeding involving Lincoln Financial Securities was announced. It was significant for the amount, but also because the basis of the FINRA proceeding was a breach by Lincoln’s cloud services provider.
Whether at the sole practitioner, law department or corporate board level, without a high level of cybersecurity based on best practices, the likelihood of costly litigation is increasing.