A survey of 276 board members by NYSE GovernanceServices and security firm Veracode found 60% of respondentsexpect an increase in shareholder lawsuits against companies due tocybersecurity issues, while 72% expect more cyber-relatedregulation in the near future.

The survey, titled Cybersecurity and Corporate Liability: The Board'sView, revealed that 89% of respondents believe that businessesshould be held liable for breaches if reasonable efforts are notmade to secure customer data. Similarly, 90% agreed thatthird-party software providers should be held liable forvulnerabilities identified in their packaged software. Two-thirdsof those surveyed said they have already started the process ofinserting liability clauses into contracts with third-partyproviders, while others said plans are in place to start.

"The NYSE survey findings aren't surprising at all," said CraigA. Newman, a partner with Patterson Belknap Webb & Tyler andchair of the firm's privacy and data Security practice. "With majordata breaches splashed across the headlines on almost a dailybasis, the survey affirms that the overwhelming majority oforganizations understand the risk of a cyber-attack and are takingsteps to mitigate those risks."

Veracode's 2015 State of Software Security Report showedthat close to three quarters of third-party-produced enterpriseapplications contain vulnerabilities listed in the OWASP Top 10, an industry-standard ranking ofcritical web application vulnerabilities.

Only 12% of those surveyed said businesses should not be heldliable for breaches, while 68% said regulators should holdbusinesses liable because they have a corporate responsibility tomake reasonable efforts to secure customer data, and another 21%said holding businesses responsible will force them to improvetheir security. But what constitutes reasonable efforts?

"There's no single definition for what constitutes 'reasonableefforts,'" Newman told Legaltech News. "It depends on a matrix ofvariables including the complexity of the organization, itsbusiness model, and the amount and type of data it collects andstores, just to name a few of the factors that might come intoplay."

Read the full story from Legaltech Newsat: Shareholder Cybersecurity Lawsuits Expected toIncrease in 2016.
_____________________

How can you transform your risk management preparednessand response strategy into a competitive advantage?

Introducing ALM's cyberSecure — Atwo-day event designed to provide the insights and connectionsnecessary to implement a preparedness and response strategy thatchanges the conversation from financial risk to competitiveadvantage. Learnmore about how this inaugural event can help youreduce risk and add business value.