Cyberattacks are on the rise and continue to pose a serious threat to public companies across every sector. In 2021, ransomware attacks increased 13%, and over a million phishing attacks were reported in the first quarter of 2022. Not only has the volume of attacks increased, but the attacks themselves also have become more sophisticated, which increases the likelihood of the attacks’ success and high impact.

Given the clear threat that cyberattacks pose, public companies should invest in robust cybersecurity systems to prevent a cyberattack. Additionally, a company needs to establish a plan in the event an attack succeeds. In such instances, in addition to potential private lawsuits and state attorney general investigations, public companies must be prepared for potential investigations by the U.S. Securities and Exchange Commission (SEC) and potential securities litigation, including class actions and stockholder derivative suits. In such derivative suits, stockholders may allege on behalf of the company that members of the board violated their fiduciary duties to adequately oversee cybersecurity and data risks and threats that face the company. Stockholders could also demand that the company’s board investigate the response to the cyber breach.