CYBER SECURITY RISKS FOR DIRECTORS INCREASE FOLLOWING WELLS FARGO SHAREHOLDER DERIVATIVE LITIGATION DECISION
Corporate directors face increased litigation risk stemming from massive data breaches as a result of a judicial trend to qualify defences previously available under the business judgment rule. That trend has crested with the recent decision of the US District Court for the Northern District of California in In re Wells Fargo & Company. Directors whose boards have not implemented and documented cyber security oversight for their organisations and ignore warning signs of lax security safeguards face significantly increased vulnerabilities to personal liability in shareholder derivative litigation. Board members should review their agreements with their organisations and their directors and officers (D&O) insurance coverage carefully in light of this decision.
Wells Fargo continues the judicial march to hold directors accountable for oversight of lapses about which they should have known through the exercise of oversight expected of knowledgeable and involved directors. While the bar for holding directors accountable remains high, the business judgment rule, which was thought for many years to effective insulate directors from decisions or lack of decisions in the exercise of their work on the board, now has a very large hole. Directors who ignore ‘red flags’ of misconduct or lack of attention to required safeguards or, as the Delaware Court of Chancery stated in In re Walt Disney take an “ostrich-like approach” to misconduct or lack of vigilance on safeguards required by law, may be held to have violated their fiduciary obligations to the company.
Jan-Mar 2018 Issue