Posts Tagged ‘Weil Gotshal’

The Importance of a Battle-Tested Cyber Incident Response Plan

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Friday December 19, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on a Weil Alert authored by Mr. Ferrillo.

“The scope of [the Sony Pictures Entertainment (SPE)] attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public…. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

— Remarks by Kevin Mandia, “Sony Investigator Says Cyber Attack ‘Unparalleled’ Crime,” Reuters, December 7, 2014. [1]

“The days of the IT guy sitting alone in a dark corner are long gone. Cybersecurity has become an obvious priority for C-Suites and boardrooms, as reputations, intellectual property and ultimately lots of money are on the line.”

— Priya Ananda, “One Year After Target’s Breach: What Have We Learned?” November 1, 2014. [2]

“Resiliency is the ability to sustain damage but ultimately succeed. Resiliency is all about accepting that I will sustain a certain amount of damage.”

— NSA Director and Commander of U.S. Cyber Command Admiral Mike Rogers, September 16, 2014. [3]

We have definitively learned from the past few months’ worth of catastrophic cyber security breaches that throwing tens of millions of dollars at “preventive” measures is simply not enough. The bad guys are too far ahead of the malware curve for that. [4] We have also learned that there are no such things as quick fixes in the cyber security world. Instead, the best approach is a holistic approach: basic blocking and tackling such as password protection, encryption, employee training, and strong, multi-faceted intrusion detection systems [5] really trump reliance on a “50 foot high firewall” alone. But there are also two more things that are critical to a holistic cyber security approach: a strong, well-practiced Incident Response Plan (IRP), and, as Admiral Rogers noted above, the concept of cyber-resiliency, i.e., the ability to take your lumps, but continue your business operations unabated.

In this post, we tackle two questions: (1) What are the essential elements of a Cyber IRP? and (2) Why are IRPs so important to your organization?

…continue reading: The Importance of a Battle-Tested Cyber Incident Response Plan

Cyber Security, Cyber Governance, and Cyber Insurance

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Thursday November 13, 2014 at 9:07 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on an article authored by Mr. Ferrillo and Christine Marciano, President of Cyber Data Risk Managers.

JP Morgan Chase. Community Health Systems. The Home Depot. Kmart. There has been no shortage of data breaches in recent weeks—with new developments on an almost daily basis. The age of cyber hacktivism, cyber extortion, and cyber terrorism is here, and it is not going away any time soon.

Data security issues are no longer just an IT Department concern. Indeed, they have become a matter of corporate survival, and therefore companies should incorporate them into enterprise risk management and insurance risk transfer mechanisms, just as they regularly insure other hazards of doing business. As the number of data breaches has increased, the demand for cyber insurance has likewise dramatically increased more than that for any other insurance product in recent years. Every board of directors should be questioning its officers and management as to “whether or not its company should be purchasing cyber insurance to mitigate its cyber risk.” If management answers, “Oh, it costs too much,” or “Oh, it will never pay off,” second opinions should be obtained. Rapidly. Because neither answer is correct.

…continue reading: Cyber Security, Cyber Governance, and Cyber Insurance

ISS Spotlights Independent Chair Shareholder Proposals and Equity Compensation Plans

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Sunday October 26, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Catherine T. Dixon, member of the Public Company Advisory Group at Weil, Gotshal & Manges LLP, and is based on a Weil alert.

On October 15, 2014, Institutional Shareholder Services (“ISS”) released proposed amendments to its proxy voting policies for the 2015 proxy season. ISS is seeking comments by 6:00 p.m. EDT on October 29, 2014. [1] ISS has stated that it expects to release its final 2015 policies on or around November 7, 2014. The policies as revised will apply to meetings held on or after February 1, 2015.

…continue reading: ISS Spotlights Independent Chair Shareholder Proposals and Equity Compensation Plans

Cyber Security and Cyber Governance: Federal Regulation and Oversight—Today and Tomorrow

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Wednesday September 10, 2014 at 9:00 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on an article authored by Mr. Ferrillo and David J. Schwartz.

In our June 4, 2014 article on cyber security and cyber governance [1] we noted that for many reasons, boards of directors and executives of U.S. companies needed to reexamine how they protect (and respond to the successful hacking of) their most critical intellectual property and customer information. One of the reasons was that all signs out of Washington, D.C. pointed towards increasing federal regulation and oversight of cyber security for public and private companies, and particularly for those in the financial services sector. Further, we foresaw not only heightened scrutiny from regulators, but increasing class action litigation, with plaintiffs accusing boards and management of not taking the appropriate steps to protect company and client data. Our predictions were correct on all fronts.

…continue reading: Cyber Security and Cyber Governance: Federal Regulation and Oversight—Today and Tomorrow

Understanding and Implementing the NIST Cybersecurity Framework

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday August 25, 2014 at 9:03 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Tom Conkle.

Why the Cybersecurity Framework was created and why it is so important

Despite the fact that companies are continuing to increase spending on cybersecurity initiatives, data breaches continue to occur. According to The Wall Street Journal, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier according to Allied Business Intelligence Inc.” [1] Despite the boost in security spending, vulnerabilities, threats against these vulnerabilities, data breaches and destruction persist. To combat these issues, the President on February 12, 2013 issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity.” [2] The EO directed NIST, in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks.

…continue reading: Understanding and Implementing the NIST Cybersecurity Framework

Cloud Cyber Security: What Every Director Needs to Know

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday August 6, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Dave Burg and Aaron Philipp, both of PricewaterhouseCoopers LLP.

There are four competing business propositions affecting most American businesses today. Think of them as four freight trains on different tracks headed for a four-way stop signal at fiber optic speed.

First, with a significant potential for cost savings, American business has adopted cloud computing as an efficient and effective way to manage countless bytes of data from remote locations at costs that would be unheard of if they were forced to store their data on hard servers. According to one report, “In September 2013, International Data Corporation predicted that, between 2013 and 2017, spending on public IT cloud computing will experience a compound annual growth of 23.5%.” [1] Another report noted, “By 2014, cloud computing is expected to become a $150 billion industry. And for good reason—whether users are on a desktop computer or mobile device, the cloud provides instant access to data anytime, anywhere there is an Internet connection.” [2]

…continue reading: Cloud Cyber Security: What Every Director Needs to Know

Republic of Argentina v. NML Capital

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Saturday July 5, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Irwin H. Warren, senior partner in the Securities Litigation practice at Weil, Gotshal & Manges LLP, and is based on a Weil alert authored by Mr. Warren, Ted Posner, and Adam Banks.

The Supreme Court issued its decision yesterday [June 16, 2014] in Republic of Argentina v. NML Capital, No. 12-842, holding that the Foreign Sovereign Immunities Act (FSIA) does not limit the scope of discovery available to a judgment creditor in post-judgment execution proceedings against a foreign sovereign.

As part of NML’s efforts to collect on various litigation judgments entered against Argentina following its default on bond obligations, NML sought discovery of Argentina’s assets around the world in an attempt to locate Argentine property that might be subject to attachment and execution. Those efforts included subpoenas served on Bank of America and Banco de la Nacion Argentina, both of which had offices in New York. The subpoenas generally sought information about Argentina’s accounts, balances, transaction histories and funds transfers. Argentina and the banks sought to quash the subpoenas, contending that they violated the FSIA by seeking discovery of Argentina’s extraterritorial assets that were beyond the reach of U.S. courts. The district court denied the motion to quash, and the Second Circuit affirmed. Only Argentina sought review in the Supreme Court.

…continue reading: Republic of Argentina v. NML Capital

The Credit Suisse Guilty Plea: Implications for Companies in the Crosshairs

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday June 9, 2014 at 9:23 am
Editor’s Note: The following post comes to us from Christopher Garcia, partner in the Securities Litigation and White Collar Defense & Investigations practices at Weil, Gotshal & Manges LLP, and is based on a Weil Gotshal alert by Mr. Garcia and Raqel Kellert. The complete publication, including footnotes, is available here.

The announcement of the Credit Suisse guilty plea on May 19, 2014 marks the first time in more than a decade that a large financial institution has been convicted of a financial crime in the United States. For this reason alone, some will herald it a watershed moment in the history of corporate criminal liability. But the government’s well-publicized efforts to mitigate the collateral consequences resulting from the plea will likely limit the plea’s practical significance for companies that find themselves in the unenviable position of negotiating a resolution of criminal allegations with the government. This post will explore the potential implications of the Credit Suisse guilty plea for corporate criminal liability.

…continue reading: The Credit Suisse Guilty Plea: Implications for Companies in the Crosshairs

Cyber Governance: What Every Director Needs to Know

Posted by Kobi Kastiel, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Thursday June 5, 2014 at 9:23 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo.

The number, severity, and sophistication of cyber attacks—whether on our retail economy, our healthcare sector, our educational sector or, in fact, our government and defense systems—grow worse by the day. [1]

Among the most notable cyber breaches in the public company sphere was that hitting Target Corporation (40 million estimated credit and debit cards allegedly stolen, 70 million or more pieces of personal data also stolen, and a total estimated cost of the attack to date of approximately $300 million). [2] Justified or not, ISS has just issued a voting recommendation against the election of all members of Target’s audit and corporate responsibility committees—seven of its ten directors—at the upcoming annual meeting. ISS’s reasoning is that, in light of the importance to Target of customer credit cards and online retailing, “these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information.” [3]

…continue reading: Cyber Governance: What Every Director Needs to Know

The SEC’s Refocus on Accounting Irregularities

Posted by Noam Noked, co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday January 27, 2014 at 9:14 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article by Mr. Ferrillo, Christopher Garcia, and Matthew Jacques of AlixPartners that first appeared in D&O Diary.

On July 2, 2013, the United States Securities and Exchange Commission (the SEC) announced two new initiatives aimed at preventing and detecting improper or fraudulent financial reporting. [1] We previously noted that one of these initiatives, a computer-based tool called the Accounting Quality Model (AQM, or “Robocop”), [2] is designed to enable real-time analytical review of financial reports filed with the SEC in order to help identify questionable accounting practices.

…continue reading: The SEC’s Refocus on Accounting Irregularities
