I came across a few articles over the past few days that show some interesting developments that will be much more likely to motivate companies to take security seriously – no laws and regulations needed.
Plaintiffs alleging companies made material misstatements in securities fraud cases won an important ruling on the requirements for class certification from the U.S. Supreme Court on Wednesday.
The court ruled in a 6-3 decision (PDF) that plaintiffs in such cases may obtain class certification without having to prove a misrepresentation materially affected the stock price. The opposite approach would “put the cart before the horse,” Justice Ruth Bader Ginsburg wrote for the majority.
Ginburg’s opinion was joined by Chief Justice John G. Roberts Jr. and Justices Stephen G. Breyer, Samuel A. Alito Jr., Sonia Sotomayor and Elena Kagan.
The defendant in the case, biotech company Amgen, had claimed materiality must be proven before certification under the dictates of Rule 23(b)(3) of the Federal Rules of Procedure, which requires common questions of law or fact to predominate in class actions. Ginsburg disagreed.
“Rule 23 grants courts no license to engage in free-ranging merits inquiries at the certification stage,” she wrote.
Connecticut Retirement Plans and Trust Funds had sued Amgen for alleged misstatements about two of its flagship drugs. The case is Amgen Inc. v. Connecticut Retirement Plans.
Data breaches and cyberattacks aren’t just a worry for consumers who’ve had personal information filched or paranoid information security pros. They can also scare away investors, according to a study on investor attitudes toward cybersecurity released Monday.
Companies with a history of being targeted in cyberattacks one or more times were viewed with skepticism by the 405 investors who took part in the study by HBGary, which offers tools and services to protect information from cyber spies and terrorists.
Some 78.1% of them said they were somewhat or very unlikely to invest in such a company. In addition, more than two-thirds (68.7%) said they would be somewhat or very unlikely to invest in a company with a history of one or more data breaches.
The study, performed by Zogby Analytics, showed that investors are less concerned about cyberattacks themselves than about how a company responds to them. About two-thirds (66%) of the investors said they were more interested in how a company handles an attack, compared to 25% who said they were more concerned with the attacks themselves.
When it comes to anything that will affect the ‘ol mighty dollar significantly, companies act!
Another other thoughts on alternatives to laws and regulations to motivate companies to take security seriously? Let us know in the comments below. Today’s post pic is from SubjectToInquiry.com. See ya!