CHAPTER MENU

1. Securities and Exchange Commission Cybersecurity Expectations for Publicly Traded Companies
2. Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches
3. Committee on Foreign Investment in the United States and Cybersecurity
4. Export Controls and the Wassenaar Arrangement

As cybersecurity vulnerabilities increasingly have threatened companies' bottom lines and operational abilities, boards of directors and top executives understandably are concerned about the protection of confidential information and ensuring uninterrupted business operations. A number of federal laws, regulations, and guidelines also require top management to ensure adequate cybersecurity, both as an ongoing part of business operations and as a prerequisite for certain corporate events, such as securities offerings, obtaining foreign investments, and exporting goods.

This chapter reviews some of the legal issues that often arise in these scenarios. First, the chapter reviews the Securities and Exchange Commission's (SEC) expectations for cybersecurity of publicly traded companies, as well as the general fiduciary duty that companies have to shareholders, and how that applies to cybersecurity. The chapter then examines the cybersecurity expectations of the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments in U.S. companies. Last, the chapter reviews how export controls restrict cybersecurity ...