Pennsylvania Supreme Court Holds Employers Have Duty to Protect Employee Data from Cyberattacks

By Joshua Mooney   As much of the country’s workforce traveled on the Wednesday before the Thanksgiving holiday, the Supreme Court of Pennsylvania issued a landmark decision in cybersecurity: under Pennsylvania law, employers have an independent duty to protect employee data from cyberattacks. Specifically, in Dittman v. UPMC, 2018 Pa. LEXIS 6051 (Pa. Nov. 21,
Read More »

Trick or Treat: Does the SEC’s October Report Signal a New Shift in Cybersecurity Enforcement?

By Joshua Mooney and Andrew Lipton, White and Williams LLP   On October 16, 2018, the Securities and Exchange Commission’s (SEC) Division of Enforcement issued a report on Cyber-Related Frauds Against Public Companies and Related Internal Accounting Controls Requirements (the Report)[1] warning that a public company’s failure to implement adequate cybersecurity controls to address the
Read More »

New State Law Mandates Cybersecurity Enhancements

By Peter F. Johnson, Superior Court of Pennsylvania   California Governor Jerry Brown signed legislation mandating a longtime cybersecurity best practice—changing default passwords.  The use of weak default passwords is endemic to the consumer devices world, but is just as common in the world of enterprise computer equipment, on which corporate and customer data may
Read More »

Does the Fifth Circuit’s Decision in Spec’s Suggest a Breach for Cyber Coverage Into Other Insurance?

By Joshua Mooney and Andrew Lipton, White and Williams LLP Despite the existence of cybersecurity insurance, companies still seek coverage for cyber liability under various types of other insurance. Carriers, in turn, rely upon broad exclusions to limit coverage for risks never intended to be insured. One such broad exclusion is for contractual liability. However, the
Read More »