Legal Issues of Cybersecurity and Data Breach Response
More
(Not Required, Just Extra Resources)
Data Breach Response/the In-House Team/The Board
What the Capital One Hack Means for Boards of Directors by John Reed Stark (The Harvard Law School Forum on Corporate Governance, 2019)
A Useful Compendium for Yet Another Discovery Fight Over Forensic Findings, by John Reed Stark (D&O Diary, September 3, 2020)
COVID-19: Regulator Guidance on Privacy and Cybersecurity Issues Raised as Companies Respond to the Pandemic (Willkie Farr & Gallagher LLP, March 2020)
What the Capital One Hack Means for Boards of Directors by John Reed Stark (August, 2019)
NY DFS Cybersecurity Regulation, Two Years In—What Comes Next? (Phyllis Sumner, Banking Law Journal, 2019)
Data Breach Litigation Trends to Watch (Phyllis Sumner, et al, Bloomberg Law, 2019)
Are U.S. Consumers Suffering from Data Breach Notification Fatigue (Insurance Business Magazine, 2019)
Claims Against Directors for Failure to Insure Against Cyber Risk Are More Likely Now, by Francis Kean (March, 2019)
Is Amazon Liable for the Capital One Hack?, by (John Reed Stark, September, 2019)
Four Part Series: Top Cybersecurity Concerns for Every Board of Directors, by John Reed Stark (NASDAQ Governance Clearing Center, 2018)
New York Cybersecurity Rules: What Firms Need to Know, by Kimberly Peretti and Nameir Abbas (Securities Regulation, Daily, 2017)
Notes from a Law Firm Chief Privacy Officer: New Demands by Phyllis Sumner (Law 360, August 2017)
The Equifax and SEC Data Breaches: Takeaways, Reminders & Caveats, by John Reed Stark (D&O Diary, September 2017)
Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), by David Fontaine and John Reed Stark (Law 360, 2017)
Cyber Awareness to Cyber Expertise: The Evolution of Board Cyber Risk Management by Phyllis Sumner and Nick Oldham (Directors Governance Center, 2016)
Cyber Awareness to Cyber Expertise: The Evolution of Board Cyber Risk Management, by Phyllis Sumner and Nick Oldham (January, 2016)
Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender (March, 2016)
Cyber Alert: 2016 Breach Roundup, Part I: U.S. State Data Breach Notification Laws Highlights and Trends (Alston & Bird, December 2016)
Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of Financial Reporting Oversight, by David Fontaine and John Reed Stark (Cybersecurity Docket, 2016)
An Oft Overlooked PCI Incident Response Approach, by John Reed Stark (March 2015)
Managing Retail Data Breaches
California’s new data privacy law could change how companies do business in the Golden State, by Jason Tashea (ABA Journal, January 2019)
Amazon Unfair Practice Case May Affect Data Breach Cases, by Doug Meal, David Cohen and Joseph Cleemann (Law 360, July 2016)
Recent Decisions Highlight Product Cybersecurity Issues, by Heather Sussman, Doug Meal and David Cohen (Law 360, 2016)
Cyber Alert: Security Vulnerabilities: You Don’t Need a Breach to Face Regulatory Scrutiny (Alston & Bird, September 2016)
St. Joseph Demonstrates Challenges for Breach Plaintiffs, By Doug Meal, Mark Szpak and David Cohen (Law 360, 2015)
Managing Financial Firm Data Breaches
Takeaways from the SEC Fight with Steven Seagal, by John Reed Stark (March, 2020)
Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case, (April, 2020)
SEC Brings Charges in EDGAR Hacking Case (January, 2019)
SEC “Outsider Trading” Enforcement: The Silence is Deafening by John Reed Stark (October, 2018)
Five Hidden Takeaways from the Khaled and Mayweather SEC Orders, by John Reed Stark (September, 2018)
New York State Cybersecurity Regulations: First milestone in sight, what is next on the horizon? By Jeewon Serrato (contributor among several Shearman & Sterling colleagues, 2018)
Beyond Disclosure: SEC Reinforces Public Company Cybersecurity Obligations(Willkie Farr & Gallagher 2018)
Virtual Currency Update: Increased Government Scrutiny and Enforcement (Willkie Farr & Gallagher 2018)
Ten Questions the SEC Probably Has for Google, by John Reed Stark (October 2018)
https://www.alston.com/en/insights/publications/2017/03/governor-cuomo-announces-cybersecurity-regulations (Alston & Bird, March 2017)
NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls (Sidley & Austin, February 2017)
Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again, By John Reed Stark (D&O Diary & Law 360, October 2017)
8 Critical Lessons From Morgan Stanley Cybersecurity Case, by John Reed Stark (Law 360, October 2016)
SEC Pushes New Limits on Cybersecurity, Securities Fraud, by John Reed Stark (Compliance Week, 2016)
Avoiding Vanguard’s Cybersecurity Stumble, by John Reed Stark (Compliance Week 2016)
National Security and Cyber-Attacks
Ten Lessons from Six 2018 DOJ Indictments of State-Sponsored Hackers, by By Kim Peretti, Emily Poole, and Nameir Abbas (Alston Cyber Alert, 2019)
Ten Crypto-Caveats Floyd Mayweather and DJ Khaled Should Have Heard From Their Lawyers, by John Reed Stark (The Harvard Law School Forum on Corporate Governance and Financial Regulation, April, 2018)
A Dozen Obvious (and Not So Obvious) C-Suite Takeaways from the 2018 SEC Cyber-Disclosure Guidance, by John Reed Stark (Law 360, May, 2018)
Opinion: Here’s how the Trump administration needs to boost cybersecurity,by John Carlin (Marketwatch, 2017)
Petya Ransomware Attacks, by (Debevoise June, 2017)
Cybersecurity Requirements Clarified (National Defense, March 2017)
Implications of WikeLeaks Publishing Details of CIA’s Cyber Arsenal (Ankura Consulting Group, March 2017)
The Risk in Making a Ransomware Payment, by John Reed Stark (Law 360, 2017)
Here’s what went wrong for Equifax in those first 48 hours, by John Carlin and David Newman (Aspen institute, 2017)
A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 1 (By Caroline Krass, et al) (Law 360, 2017)
A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 2 (By Caroline Krass, et al) (Law 360, 2017)
Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again, by John Reed Stark (Law 360, October 2017)
“Cybervandalism” or “Digital Act of War”? America’s Muddled Approach to Cyber Incidents Won’t Deter More Crises, by Charlie Dunlap (Lawfire, 2017)
Are Cyber Norms as to What Constitutes an “Act of War” Developing as we Would Want?, by Charlie Dunlap (Lawfire, 2017)
Responding to Ransomware Attacks
OFAC Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (October 2020)
A Ransomware OFAC Due Diligence Checklist, by John Reed Stark (January, 2021)
Garmin Facing US Probe Over Payments To Terrorists Via Third Party After Cyber Attack (Channel News, August 5, 2020)
Immediate Steps for Communicating After a Ransomware Attack (Sard Verbinnen & Co)
Best Practices for Victim Response and Reporting of Cyber Incidents (DOJ, September 2018)
Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources (DOJ, February 2020)
Ransomware’s Dirty Little Secret: Most Corporate Victims Pay (John Reed Stark Consulting, 2019)
Ransomware: To Pay or Not to Pay (Intelligent CIO, 2020)
Ransomware: Recommendations for Preparation and Response (Christopher E. Ballod, Frank J. Gillman and Sean B. Hoar, Digital Insights Blog, 2019)
How to Manage the Ransomware Crime Wave ( John Reed Stark, Duke Law Magazine, 2019)
Ransomware Attacks: Why it Should Matter to Your Business (Colin R. Jennings and Erika A. Johnson, National Law Journal, 2019)
Managing the insider Threat in the World of Cyber
How the FBI Tracked Down the Spy Who Couldn’t Spell (CNN, 2019)
Capital One Breach Shines Spotlight on Insider Threats (Joel Griffin, Security Info Watch, 2019)
5 Ways to Defang The “Insider Threat” Of Cybersecurity (CSO Online, 2019)
Insider Threat: The Human element of Cyber-Risk (McKinsey &Co., 2018)
The Spy Who Couldn’t Spell: How the Biggest Heist in The History of US Espionage Was Foiled (The Guardian, 2016)
The 21st Century Genesis of the Bad Leaver (John Reed Stark, BNA Privacy and Security Report, 2012)
Responding to Business Email Compromise Attacks
Image Exploits: With the Tax Season Come the Thieves (Sean Hoar, Digital Insights Blog, 2019)
The Decade Big-Money Email Scams Took Over (Wired, 2019)
Cybercrime: Beware the Business Email Compromise (DLA Piper, 2019)
FinCEN Business Email Compromise Advisory (FINCen, 2019)
FBI Cyber Warning: Attacks on Key Employees Up 100%, As 281 Are Arrested (Forbes, 2019)
Ex-Employee Sued by Firm After Falling for BEC Scam (CISO Online, 2019)
Managing Data Breaches Across Borders
White House Releases Vulnerability Equities Policy and Processes, by David Fagan and Caitlan Meade(Inside Privacy, 2017)
2016 Privacy Year in Review, by Winston & Strawn LLP (Feb. 2017)
Cyber Alert: 2016 Breach Roundup, Part II: U.S. and EU Data Breach Notification Regulations Highlights and Trends, (Alston & Bird, January 2017)
Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats, by John Carlin (Harvard National Security Journal, 2016)
Microsoft-Ireland: Decision underscores tension between privacy principles and the digital environment, by Squire Patton Boggs (Tara Swaminatha) (JD Supra 2016)
Presidential Cybersecurity Commission Issues Ambitious Policy Roadmap for Next Administration, by Benjamin Powell, Jonathan Cedarbaum and D. Reed Freeman (WilmerHale 2016)
Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender, (Cybersecurity Law and Practice Report, 2016)
After the Breach: Digital Forensics and Remediation
Image Exploits: With the Tax Season Come the Thieves, by Sean Hoar (Digital Insights Blog, 2019)
5 Fraud Insurance Decisions Sure to Shape 2019, by Patricia Carreiro (Law 360, 2019)
Takeaways, Reminders & Caveats From the Equifax and SEC Data Breaches, by John Reed Stark (Cybersecurity Docket and D&O Diary, 2017)
Hidden Legal Lessons from Anthony Weiner’s Laptop by John Reed Stark (Cybersecurity Docket, 2017)
Here’s what went wrong for Equifax in those first 48 hours, by John Carlin and David Newman (September, 2017)
Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: You Have a Breach Response Plan … Now How Do You Test It? (Alston & Bird, December 2015)
After the Breach: Cyber Insurance and Class Actions
After a Ransomware Attack, Does Property Insurance Cover Damaged Software and Hardware? (Barnes & Thornburg, February 2020)
Courts Favor Crime Coverage Of Email Hacks – For Now (Barnes & Thornburg, March 2019)
Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong, (NY Times, April, 2019)
Claims Against Directors for Failure to Insure Against Cyber Risk Are More Likely Now, (D&O Diary, March, 2019)
Ex-Employee Sued by Firm After Falling for BEC Scam (CISO Online, March, 2019)
What Mondelez v. Zurich May Reveal About Cyber Insurance in the Age of Digital Conflict (LawFare, March, 2019)
The Pros and Pitfalls of Cybersecurity Insurance, by Jeff Bounds (D CEO, February, 2019)
War Exclusions and Cyber Attacks, by Bill Boeck (D&O Diary)
Equifax Ruling Shows How Cyber Boasts Can Bring Legal Pain, by Ben Kochman (Law 360, 2019)
Equifax Data Breach-Related Securities Suit Dismissal Motion Denied in Part, Granted in Part, by Kevin LaCroix (D&O Diary, 2019)
The Great data Breach Standing Court Split, by Amanda Lawrence, Antonio Reynolds, Michael Rome and Daniel Paluch (January, 2019)
Courts Wrestle With Coverage for Cyber-Related Claims, by Peter Selvin (October, 2018)
Who gets Coverage? by Scott Godes (BTLaw Cybersecurity Blog, 2017)
High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs, by Douglas Meal, Mark Szpak, David Cohen and Lindsey Sullivan (Bloomberg Privacy and Law Review, 2017)
Cyber Insurance: How to Find the Right Policy, by John Reed Stark (NASDAQ Clearinghouse, November 2016)
How Insurance Can Protect Your Company, by Scott Godes (Law Journal Newsletter, 2016)
Should Retailers Rely On CGL Coverage For Data Breaches?, by: Scott Godes (Barnes & Thornburg, 2015)
Who Gets Coverage? Cyber Insurance and Credit Card Risks: Will Coverage Apply After the P.F. Chang’s Denial? by: Scott Godes (Barnes & Thornburg 2017)
Cyber-Physical Risks: Are You Covered? (Covington, December 2016)
5 Tips for Buying and Reviewing Cyber Insurance, by Scott Godes (Law 360, 2014)
Breach Avoidance/Preparation: Counseling Companies Before the Inevitable Breach
Six Best Ways to Protect Your Organization from Insider Cyber Risks, by David Klopp (Kroll Insights, 2019)
Ransomware: Recommendations for Preparation and Response, By: Christopher E. Ballod, Frank J. Gillman and Sean B. Hoar (Digital Insights Blog, 2019)
Cybersecurity Resolutions for 2019, by Frank Gillman and Sean Hoar (Digital Insights Blog, 2019)
The Legal Threat Giving Compliance Officers Nightmares, by Michelle Gorman (Law 360, 2019)
4 Privacy Law Predictions for 2019, by Liisa Thomas (Law 360, 2019)
Dark Web Monitoring: A Strategic Advantage for Law Firms and Their Clients, by Anju Schopra and Brian Lapidus (Kroll Insights, 2018)
Planned Methodology for Forensically Sound Incident Response in Office 365, by David Ackerman (Kroll Insights, 2018)
Alternative Communications Planning and Cybersecurity Incident Response, by Tara Swaminatha (CSO Magazine, 2018)
Presidential Executive Order on Cybersecurity: No More Antiquated IT, by Jonathan Meyer, John Chierichella and Townsend Bourne (Bloomberg BNA Privacy and Law Report, 2017)
How a Consumer Group’s Cybersecurity Initiative Could Shape the Market, by Dave Thonas, Jonathan Meyer and Abraham Shanedling (Morning Consult, 2017)
Connecting the Dots: Key Developments and Best Practices for Evaluating Privacy and Security Risks in lot Investments, by Jeewon Serrato (Shearman and Sterling, 2017)
NY Cybersecurity Bill Shows “Reasonable Security” Standard Gathering Force, by Debevoise (Debevoise and Plimpton, 2017)
Cybersecurity Due Diligence: A New Imperative, by John Reed Stark (Compliance Week, 2017)
Cybersecurity: Past is Prologue, by Squire Patton Boggs (Tara Swaminatha) (JD Supra 2016)
Top Cybersecurity Concerns for Every Board of Directors, Part One: Cybersecurity Governance, by John Reed Stark (NASDAQ Clearinghouse, December 2016)
Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: The Evolving Regulatory Landscape for Investment Advisers, Investment Companies and Broker-Dealers, by Alston and Bird (Including Kimberly Kiefer Peretti) (JDSupra Business Advisor, 2016)
About John Reed Stark
John Reed Stark President of John Reed Consulting LLC. Served for 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and enforcement actions; For 11 years as Founder/Chief of SEC Office of Internet Enforcement; For 15 years as Adjunct Professor at Georgetown University Law School teaching cyber law; For 10 years as a Guest Instructor at the FBI Academy; For 5+ years as Managing Director (three as head of the Washington, D.C. office) of Stroz, Friedberg, a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations. Appointed since 2017 as Senior Lecturing Fellow at Duke University Law School teaching law of cybersecurity and data breach response. Author of The Cybersecurity Due Diligence Handbook. 
