In this article, William Barry and Brian Fleming* discuss the risks public companies face in relation to whistleblower complaints about data breaches and cybersecurity deficiencies. "Public companies increasingly are confronted with whistleblower complaints regarding data breaches, cybersecurity vulnerabilities, and related internal control deficiencies," Barry and Fleming wrote. "If those complaints go unheeded — or, worse, prompt retaliation — companies could be exposed to civil liability in addition to reputational damage. The Securities and Exchange Commission has made no secret of the fact that cybersecurity is a top enforcement priority and that its whistleblower program is here to stay." The authors also offer practical steps public companies can take to ensure their compliance and internal investigations procedures are up-to-date to address these issues.

*Former Miller & Chevalier attorney