Click here to listen to the audio

Cybersecurity risk is evolving and expanding. Traditionally, cybersecurity risk has been equated with cyber attacks and associated legal consequences. That risk is undoubtedly real: All internet connected systems remain vulnerable to increasingly sophisticated, persistent threat actors, including nation states and well-funded criminal organizations, who can circumvent even robust defenses to intrude into systems and expose companies to a wide variety of regulatory investigations and litigation. But companies increasingly face cybersecurity legal risk even absent a data breach. Emerging theories of liability – largely arising from inconsistencies between representations companies make about their cybersecurity and their actual cybersecurity posture – are presenting new, substantial civil and potentially criminal legal exposures for companies.

In the first installment of a multi-part JONES DAY TALKS® series, partners Lisa Ropple, Justin Herdman, and Grayson Yeargin discuss today’s rapidly growing and changing cybersecurity requirements, and the potential legal consequences of not meeting those obligations.