74 Fla. L. Rev. 169 (2022)
View the article via pdf

Categories

Abstract

The impact of the information economy during the last quarter century has been dramatic. But for all its glory, the information economy also presents vulnerabilities: a cybersecurity breach can materially affect firm value. Although some security breaches may be inevitable in the modern world, courts are increasingly considering the question of whether the corporation’s directors and officers may be held liable under the theory that they acted in bad faith in their oversight of the corporation’s cybersecurity. To date, no suit has survived a motion to dismiss but several have settled for sizeable amounts. A watershed decision from the Delaware Supreme Court and a series of chancery court decisions may provide the opening plaintiffs’ lawyers have been looking for. With an unmatched data breach in SolarWinds, the writing is on the [fire]wall: Delaware corporations should brace themselves for “mission critical” cybersecurity derivative litigation.