A survey of 276 board members by NYSE Governance Services and security firm Veracode found 60% of respondents expect an increase in shareholder lawsuits against companies due to cybersecurity issues, while 72% expect more cyber-related regulation in the near future.
The survey, titled Cybersecurity and Corporate Liability: The Board's View, revealed that 89% of respondents believe that businesses should be held liable for breaches if reasonable efforts are not made to secure customer data. Similarly, 90% agreed that third-party software providers should be held liable for vulnerabilities identified in their packaged software. Two-thirds of those surveyed said they have already started the process of inserting liability clauses into contracts with third-party providers, while others said plans are in place to start.
"The NYSE survey findings aren't surprising at all," said Craig A. Newman, a partner with Patterson Belknap Webb & Tyler and chair of the firm's privacy and data Security practice. "With major data breaches splashed across the headlines on almost a daily basis, the survey affirms that the overwhelming majority of organizations understand the risk of a cyber-attack and are taking steps to mitigate those risks."
Veracode's 2015 State of Software Security Report showed that close to three quarters of third-party-produced enterprise applications contain vulnerabilities listed in the OWASP Top 10, an industry-standard ranking of critical web application vulnerabilities.
Only 12% of those surveyed said businesses should not be held liable for breaches, while 68% said regulators should hold businesses liable because they have a corporate responsibility to make reasonable efforts to secure customer data, and another 21% said holding businesses responsible will force them to improve their security. But what constitutes reasonable efforts?
"There's no single definition for what constitutes 'reasonable efforts,'" Newman told Legaltech News. "It depends on a matrix of variables including the complexity of the organization, its business model, and the amount and type of data it collects and stores, just to name a few of the factors that might come into play."
Read the full story from Legaltech News at: Shareholder Cybersecurity Lawsuits Expected to Increase in 2016.
_____________________
How can you transform your risk management preparedness and response strategy into a competitive advantage?
Introducing ALM's cyberSecure — A two-day event designed to provide the insights and connections necessary to implement a preparedness and response strategy that changes the conversation from financial risk to competitive advantage. Learn more about how this inaugural event can help you reduce risk and add business value.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.