As the cyberheists continue at Home Depot and JPMorgan, an Amazon.com sort of site exists to sell the stolen credit cards, as detailed by Mr. Krebs. Meanwhile back in the world of law, articles continue to accelerate regarding litigation risks, including D&O claims regarding a failure to ask questions about and invest in “secure web sites.” A September 4, 2014 guest post at D&O Diary reviews federal government actions aimed at more understanding of the extent of the security failures. As with asbestos and other mass litigation, there is a long latency period – the annual Black Hat security conferences date back to 1997.
Takeaways? There are significant risks and costs in not investigating issues related to the manner in which business operations are conducted, ranging from product sources to product safety to the soundness of business systems. And, there are further risks when using boilerplate warnings instead of factual disclosures.