Cyber risk is here to stay but the question is when claims related to data loss and breaches will start hitting companies squarely in their boardrooms.
Participants in Advisen’s 2014 Wrap-up D&O Claims Trends Webinar agreed that depending on how you look at it, the shareholder derivative lawsuit filed against Wyndham Worldwide Corp. in February 2014 and dismissed months later is a sign that the time is near, or not.
The case against the giant hotelier, Dennis Palkon, et al. v. Stephen P. Holmes, et al., sought damages arising from three data breaches that occurred between 2008 and 2010, exposing the personal and financial data of more than 600,000 customers.
A New Jersey district court found the board’s refusal to pursue the plaintiff’s lawsuit was a good-faith exercise of business judgment. It noted the board’s discussions of the breaches and the company’s security policies, among other measures taken to prevent future attacks.
“This was a huge wake-up call to boards that if your security increases, your liability is dramatically reduced,” Steve Shapell, chief legal officer of JLT Specialty, said.
“We’re seeing litigation come out of it and it will come,” he said of such breaches. Claims of false representation in the marketplace that data was safe will continue to be made.
“Will there be litigation?” said Kevin LaCroix, executive vice president of RT ProExec. “Yes, but plaintiffs attorneys are still trying to figure out the way they’re going to make money off of this.
“Wyndham shows how difficult it is to bring these cases,” he said, adding that there has not been a significant stock-price drop following recent data breaches.
