News broke this week about significant cybersecurity breaches at many U.S. corporations that raises the possibility of a new wave of SEC enforcement actions, class actions, and derivative lawsuits. A front page New York Times article reported that cybersecurity firm Mondiant identified a Chinese military unit that hacked over 140 organizations over the last several years, stealing valuable intellectual property such as technology blueprints, proprietary manufacturing processes, business plans, and pricing documents. Companies affected by these attacks represent a wide range of industries, including information technology, construction, aerospace, and energy. The severity of these attacks will likely spur enforcement activity at the SEC, which has warned issuers about their cybersecurity disclosure obligations since 2011 in published disclosure guidance. The report and the likely reaction from the SEC will re-focus attention on cybersecurity controls and disclosure practices.
This startling report joins the growing chorus of politicians and commentators who are pushing for more attention to this significant economic threat. Just last week, President Obama signed an executive order calling for added cybersecurity to protect critical sectors of the economy, including banking, utilities, and transportation. As the scope and seriousness of cybersecurity threats become more widely understood, it is likely that this issue will continue to gain momentum among both government regulators and opportunistic plaintiff lawyers seeking to catch the next wave of shareholder litigation.
Please see full publication below for more information.