Apropos the preceding post, Kevin LaCroix explains:
In the immediate aftermath of the Delaware Supreme Court’s 2019 decision in Marchand v. Barnhill, and as part of the discussion of the decision’s possible implications, one question I was asked was whether claimants might seek to assert breach of the duty of oversight claims in the context of cybersecurity and privacy issues. After all, for many companies these days, cybersecurity is mission critical. However, there are now two Delaware court decisions in which attempts to assert an oversight duty claim in the context of a cybersecurity incident have been unsuccessful.
LaCroix goes on to discuss the most recent case on point, Vice Chancellor Glasscock’s September 6, 2022 opinion in the SolarWinds case, which can be found here.
Vice Chancellor Glasscock did not hold that a claimant could never sustain a cybersecurity related oversight duty breach claim. But his opinion does contain a number of points that underscore how difficult it would be for a claimant to succeed on this theory.
He goes on to explain those points. It's a must read column.