Company officers successfully sued for data breach

The New York Times reports that corporate officers for Yahoo! have been successfully sued for their conduct in the Yahoo! data breaches.

Lessons for Corporate Boardrooms From Yahoo’s Cybersecurity Settlement

The former officers and directors agreed to pay $29 million. But a couple of notes on this:

  1. No one who had their data stolen will get any money out of this.

  2. Lawyers will get about $11 million of the settlement; the rest goes to the company.

  3. The officers and directors aren’t actually paying the money; their insurance company is picking up the tab.

The actual wording of the settlement is:

As consideration for the Settlement, and subject to the terms and conditions of the Stipulation, the Settling Defendants, as separately agreed between them, shall cause their insurance carriers to pay twenty-nine million dollars ($29,000,000.00) in cash

Will this cause insurance companies to become more involved in the monitoring of the security of the companies they insure?

Full disclosure: I work part-time on FICO’s Enterprise Security Score, which calculates the relative likelihood that a company will have a significant breach over the next year.

PS. Looking for the ESS link above, I ran across this handy video that helps explain ESS. I work on ESS, and I didn’t even know about this video. I guess that is what happens when you work for a largish company.