When Cybersecurity Becomes A Securities Issue

A post from Carlton Fields discusses recent developments in securities class action litigation and the related issue of the newly articulated SEC disclosure requirements vis a vis cybersecurity. Veteran insurance coverage attorney J. Robert MacAneney looks first at the proposed $80 million Yahoo! settlement – a milestone, he says, “because it is the first significant securities fraud settlement from a cybersecurity breach.” That matter stemmed from the massive Yahoo! data breaches of 2013 and 2014, notable both for the massive amount of data that was compromised and how long information about it – and other data breaches that came later – was kept under wraps by the company. The second part of this article looks at a recent SEC guidance, which, as the writer says, emphasizes “the importance of disclosing material cybersecurity risks, even in cases where a company has not yet suffered a cyberattack.”