Concerns after hackers target corporate data to commit securities fraud
On Wednesday August 12, both The Wall Street Journal and New York Times reported on what most believe is the first case in which hackers used stolen corporate data to initiate securities fraud in conjunction with stock traders. More troubling are concerns that it’s likely just the tip of the iceberg, and that it came from a five-year long “unholy global alliance” between overseas hackers and U.S. based traders.
As Paul Fishman, the U.S. District Attorney for New Jersey notes, “This is the intersection of hacking and securities fraud. The hackers were relentless and patient.” It’s estimated that 32 traders and hackers took in over $100M in illegal proceeds via this highly sophisticated and bold scheme. Those involved gained a big advantage over others in the stock market by securing access to news releases, then trading on their information before they hit the wires.
Buyers of both Directors’ & Officers’ Liability (D&O) and Cyber insurance should take heed of the potential implications. In this particular case, the hackers broke into companies like Business Wire and PR Newswire rather than into the public companies whose news was being released. But what if the public companies themselves were hacked, traders gained access to information that had not been made public yet, and then traded illegally on that insider information?
It’s not difficult to imagine a scenario in which such trading could drive down the share price with other investors incurring a loss. Would those shareholders then sue the directors/operators of the impacted public company alleging that they had suffered a financial loss due to lack of proper oversight of network security and data privacy by the directors/operators?
If a public company is hacked, what’s the cost to investigate the hack and then restore the company’s reputation and network? Will it be sued by others if hackers stole their data? Does the company have adequate Cyber insurance in place to help pay for these costs and damages? Does it have a Cyber insurance carrier that can provide it with experienced, expert service providers in a time of crisis?
Questions such as these will become more common as hackers continue to infiltrate networks in the hopes of securing non-public information in order to gain an advantage in the market. As a result, D&O and Cyber insurance will face increased scrutiny as essential tools in helping public companies combat this “unholy global alliance.”
About the Author
Rich Leavitt is an Area Principal and is responsible for the firm’s overall strategy for attracting and retaining large clients with complex risks and dynamic needs, as well as the delivery of solutions and services to those organizations.