Article
Source: Bloomberg Law
01.30.26
Two landmark cases involving public companies and their cybersecurity executives offer some crucial lessons in corporate governance, transparency, program boundaries, and data privacy.
One case was the first Securities and Exchange Commission enforcement action to charge a chief information security officer, or CISO, as well as the company, and the first to bring an accounting control claim based on cybersecurity failings.
The other case, involving Uber Technologies Inc., was the first criminal prosecution and conviction of a chief security officer, or CSO, concerning information provided after a data breach.
In an article published in Bloomberg Law, Pillsbury partners Mark Krotoski, Cyber Disputes Team Leader; David Oliwenstein, Securities Enforcement Practice Leader; and Bruce Ericson, Securities Litigation Team Leader, note the lessons learned from these cases: transparency is mandatory in disclosing data breaches, bug bounty programs must be reviewed and audited, disclosure decisions must be placed under legal and board oversight, and companies must have a complete understanding of the cyberthreat landscape.