A survey of 276 board members by NYSE Governance Services and security firm Veracode found 60 percent of respondents expect an increase in shareholder lawsuits against companies due to cybersecurity issues, while 72 percent expect more cyber-related regulation in the near future.
The survey, entitled Cybersecurity and Corporate Liability: The Board’s View, revealed that 89 percent of respondents believe that businesses should be held liable for breaches if reasonable efforts are not made to secure customer data. Similarly, 90 percent agreed that third-party software providers should be held liable for vulnerabilities identified in their packaged software. Two-thirds of those surveyed said they have already started the process of inserting liability clauses into contracts with third-party providers, while others said plans are in place to start.
“The NYSE survey findings aren’t surprising at all,” said Craig A. Newman, a partner with Patterson Belknap Webb & Tyler and chair of the firm’s privacy and data Security practice. “With major data breaches splashed across the headlines on almost a daily basis, the survey affirms that the overwhelming majority of organizations understand the risk of a cyber-attack and are taking steps to mitigate those risks.”
Veracode’s 2015 State of Software Security Report showed that close to three quarters of third-party-produced enterprise applications contain vulnerabilities listed in the OWASP Top 10, an industry-standard ranking of critical web application vulnerabilities.
Read more at Law.com