Cyber Breach Fallout: Management Liability Issues in the Face of a Cyber Attack


Written by Gregory M. Monaco of Picadio Sneath Miller & Norton, P.C. for the 2015 Fall/Winter issue of USLAW Magazine.

As the cyber security conversation increasingly shifts toward prevention and response, the liability issues facing company management should not be relegated to the background. Even where a company has the foresight to adopt and implement a comprehensive cyber security plan, management is not necessarily immune from liability in the event of a cyber breach. Unless the plan properly takes into account the legal duties owed by management to the company and the company to third parties, the plan could leave management vulnerable to liability. In other words, adoption and implementation of a cyber security plan alone does not necessarily provide adequate protection for management.

The general proposition that management’s legal duties extend to cyber security matters now should be unremarkable. As numerous data breach lawsuits filed in recent years have shown, cyber security is no longer considered a ministerial responsibility that is capable of being entrusted to IT professionals alone.1 Instead, it represents a significant business decision that should be reserved for management in the first instance. This, then, raises an important question: what steps can management take before a cyberattack occurs in an effort to insulate itself from liability?…READ MORE.


Designed & Developed by Peak Seven