Watchdog Transparency Blog

In our Blog we take a critical look at public company disclosures and focus on issues surrounding transparency, reliability and accuracy. It you are looking for cheerleading, you have come to the wrong place. We rely on information from the best sources available to gain insight into companies and make predictions about what will happen in the future. Nothing in business is certain, so sometimes we will be wrong, but we will always be an independent voice telling you the truth as we see it. We offer Retail Investors our Research Reports for Free.

Sign up to get all of our blogs delivered directly to your inbox.

Cybersecurity Litigation Review

by

Cybersecurity has gone from a niche concern to a hot topic in the D&O insurance world. Tomorrow, on September 23rd, we will be attending (remotely of course) a webinar hosted by PLUS on how companies can strategically handle cybersecurity concerns. We are an independent research provider that uses an extensive database of public information to create easy-to-use reports for over 4,500 publicly traded companies. Since we track cybersecurity incidents and all material litigation for public companies, we thought we could use this as an opportunity to provide a little color to the important discussions concerning cybersecurity.

Overview

We began by looking at incidents that occurred at companies listed on the NYSE and Nasdaq over the past ten years, and the growth rate of cybersecurity incidents is alarming:

Cyber Incidents.png

*The graphs and tables in this post were created by Joseph Burke, PhD, and derived the Audit Analytics database.

In 2010, only .1 % of companies reported a cybersecurity incident. In 2019, 2.2% of companies reported a cybersecurity incident. The growth of cybersecurity incidents over the past five years has been incredible and it is not clear when it will slow down.

Another interesting facet is that the risk of a cybersecurity incident is much higher at a large company that it would be at a small company. Attacks on large companies are driving much of the growth in these numbers.

Cyber Incident Table.png

Cybersecurity Security Class Actions

A cyberbreach at a company creates all sorts of problems, including litigation. We identified all the security class action suits that were brought over cybersecurity issues and calculated the likelihood of being named in one of those suits. Unsurprisingly, the last ten years has shown significant growth in the risk of being named in a cybersecurity related lawsuit.

Cyber-lawsuit prob.png

It is important to note that these percentages are for all companies. Large cap companies have a significantly higher probability than is represented in the graph because they are both more likely to be the victim of a cybersecurity incident and are generally more likely to have a securities class action suit filed against them.

Cybersecurity as a Leading and Covariate Indicator

Two of our researchers, Joseph Burke PhD and Joseph Yarbrough PhD, wrote a research paper calculating when particular flags from our reports were associated with an increased risk of securities class action litigation for 2014-2018. Companies with a cybersecurity incident were almost three times as likely to get named in a securities class action lawsuit the year that the incident occurred.

Additionally, cybersecurity incidents were one of the six leading indicators of securities class action suits. An event is considered a leading indicator of litigation if the occurrence of that event is associated with an increased risk of litigation for the following year.

Conclusion

The chance of being involved in a cybersecurity securities class action lawsuit is still relatively low, but it is increasing rapidly. Additionally, the risk profile is far higher for large companies, which are more likely to be a victim of a cybersecurity incident and more likely to get named in a securities class action lawsuit.

If company boards wish to prevent having their company victimized twice (by hackers and by lawyers), then they need to make wise and strategic decisions to confront this growing threat.

Contact Us:

If you have questions about this article, please contact the author, jcheffers@watchdogresearch.com. If you have questions about the company generally, or for press inquires, please contact our president Brian Lawe, brianlawe@watchdogresearch.com.

Our company has access to a proprietary database that includes all material litigation, classified by issue, for public companies. If you are interested in some bespoke research on litigation trends, please contact jcheffers@watchdogresearch.com.

Watchdog Transparency Blog

In our Blog we take a critical look at public company disclosures and focus on issues surrounding transparency, reliability and accuracy. It you are looking for cheerleading, you have come to the wrong place. We rely on information from the best sources available to gain insight into companies and make predictions about what will happen in the future. Nothing in business is certain, so sometimes we will be wrong, but we will always be an independent voice telling you the truth as we see it. We offer Retail Investors our Research Reports for Free.

Sign up to get all of our blogs delivered directly to your inbox.

Cybersecurity Litigation Review

by

Cybersecurity has gone from a niche concern to a hot topic in the D&O insurance world. Tomorrow, on September 23rd, we will be attending (remotely of course) a webinar hosted by PLUS on how companies can strategically handle cybersecurity concerns. We are an independent research provider that uses an extensive database of public information to create easy-to-use reports for over 4,500 publicly traded companies. Since we track cybersecurity incidents and all material litigation for public companies, we thought we could use this as an opportunity to provide a little color to the important discussions concerning cybersecurity.

Overview

We began by looking at incidents that occurred at companies listed on the NYSE and Nasdaq over the past ten years, and the growth rate of cybersecurity incidents is alarming:

Cyber Incidents.png

*The graphs and tables in this post were created by Joseph Burke, PhD, and derived the Audit Analytics database.

In 2010, only .1 % of companies reported a cybersecurity incident. In 2019, 2.2% of companies reported a cybersecurity incident. The growth of cybersecurity incidents over the past five years has been incredible and it is not clear when it will slow down.

Another interesting facet is that the risk of a cybersecurity incident is much higher at a large company that it would be at a small company. Attacks on large companies are driving much of the growth in these numbers.

Cyber Incident Table.png

Cybersecurity Security Class Actions

A cyberbreach at a company creates all sorts of problems, including litigation. We identified all the security class action suits that were brought over cybersecurity issues and calculated the likelihood of being named in one of those suits. Unsurprisingly, the last ten years has shown significant growth in the risk of being named in a cybersecurity related lawsuit.

Cyber-lawsuit prob.png

It is important to note that these percentages are for all companies. Large cap companies have a significantly higher probability than is represented in the graph because they are both more likely to be the victim of a cybersecurity incident and are generally more likely to have a securities class action suit filed against them.

Cybersecurity as a Leading and Covariate Indicator

Two of our researchers, Joseph Burke PhD and Joseph Yarbrough PhD, wrote a research paper calculating when particular flags from our reports were associated with an increased risk of securities class action litigation for 2014-2018. Companies with a cybersecurity incident were almost three times as likely to get named in a securities class action lawsuit the year that the incident occurred.

Additionally, cybersecurity incidents were one of the six leading indicators of securities class action suits. An event is considered a leading indicator of litigation if the occurrence of that event is associated with an increased risk of litigation for the following year.

Conclusion

The chance of being involved in a cybersecurity securities class action lawsuit is still relatively low, but it is increasing rapidly. Additionally, the risk profile is far higher for large companies, which are more likely to be a victim of a cybersecurity incident and more likely to get named in a securities class action lawsuit.

If company boards wish to prevent having their company victimized twice (by hackers and by lawyers), then they need to make wise and strategic decisions to confront this growing threat.

Contact Us:

If you have questions about this article, please contact the author, jcheffers@watchdogresearch.com. If you have questions about the company generally, or for press inquires, please contact our president Brian Lawe, brianlawe@watchdogresearch.com.

Our company has access to a proprietary database that includes all material litigation, classified by issue, for public companies. If you are interested in some bespoke research on litigation trends, please contact jcheffers@watchdogresearch.com.

© 2020 Watchdog Research, Inc. All rights reserved.
Watchdog Transparency is a publication based on reports created by Watchdog Research, Inc.
Watchdog Research, Inc. is a financial research company providing due diligence information on public companies.

@WatchdogRsrch    |     rss