Cyber Webinar Series | The Legal Side of Cybersecurity: Liability Protection and Risk Mitigation

Quick Overview

As cyber threats grow in scale and sophistication, legal accountability is becoming a central concern for organizations and their leadership. This webinar explored the evolving threat landscape, the legal implications of major breaches like SolarWinds, and how executives can proactively manage cyber and legal risk. Key takeaways include the importance of accurate disclosures, executive accountability, and aligning legal and cybersecurity strategies.

To view the webinar recording, click here (passcode:Session1cyber2025!).

Threat Landscape

The cyber threat landscape continues to grow in complexity, frequency and cost. Key statistics include:

• The average cost of a data breach in 2024 was $4.88M.
• Ransomware and Business Email Compromise (BEC) scams accounted for 53% of Cyber claims from 2019-2023.

SolarWinds Cyberattack

IT management software provider, SolarWinds, was at the center of a major cyberattack when its Orion platform was compromised by bad actors, affecting over 30,000 public and private organizations. The breach extended beyond direct users, potentially exposing the networks and data of their customers and partners, amplifying the scale of the attack.

U.S. Securities and Exchange Commission (SEC) v. SolarWinds and Timothy Brown

• The SEC filed a complaint against SolarWinds and Timothy Brown, VP of Security and Architecture, for violations of securities laws.
• While most claims were dismissed, the court allowed claims based on alleged misstatements in SolarWinds’ security disclosures to proceed. This case underscores the importance of:
  • Auditing public cybersecurity claims against internal practices
  • Collaborating with legal teams on disclosures
  • Understanding SEC obligations
  • Establishing clear internal reporting and escalation paths

Broad Legal Framework

The U.S. has a broad array of laws applicable to cybersecurity risk and operations including:

• State Breach Notification Laws
• SEC Cybersecurity Disclosures
• OFAC and Ransom Payments
• Officer/Director liability
• Obstruction of Justice
• False Claims Act
• ERISA Plan Fiduciaries

Executive Legal Risk Management

Legal and cyber risk should be managed using similar strategies.

• Map your risk: Identify vulnerabilities, threats, and potential impacts.
• Collaborate with general counsel: Align legal and cybersecurity strategies.
• Mitigate or remove risks: Evaluate which risks are acceptable and which are not.
• Stay informed: Monitor emerging threats and regulatory developments.
• Engage outside counsel when needed to support internal initiatives.

Passcode: Session1cyber2025!