Statements about cybersecurity: A duty of accuracy or a license for puffery?
By John Bandler. Published April 14, 2025, Reuters Legal News
Organizations need to make statements about their cybersecurity and information systems, articulated by different people to different audiences.
There are tensions because some parts of an organization sell and reassure, others work to keep information systems secure. Sometimes a single individual is called upon to do both, such as a chief information security officer (CISO).
To sell, the organization lets clients, customers, and investors know things are running great, their products and services are excellent, security is airtight. These rosy statements help make the deal happen.
To secure and operate, the organization needs facts not puffery, and few organizations are perfect.
In sum, there is a legal duty of accuracy with diligence required, plus an ethical and practical imperative.
...
Read the full article, clean PDF with no ads, hosted here with permission of Reuters, Bandler Reuters LN Statements about cybersecurity 2025-4-14
Find it on Reuters at https://www.reuters.com/legal/legalindustry/statements-about-cybersecurity-duty-accuracy-or-license-puffery-2025-04-14/
Find it on Westlaw Today here (mostly ad free)
I wrote the article, Thomson Reuters owns the copyright, and I have permission to host it here (more details in the PDF).
My other Reuters articles include
- Cryptocurrency past is prologue: before and after FTX
- Solving the cybercrime problem
- Attorneys, cybersecurity, and New York's new CLE training requirement
- Cybersecurity law, compliance and protection
- SolarWinds and the SEC lawsuit
- AI's promise and problem for law and learning
- Management, policies, cybersecurity and compliance
- Building and updating organization policies and procedures
- Your organization's privacy policy — and privacy notice
- Cyberlaw: An area of law for all of us
- Data law: a part of cyberlaw
- Statements about cybersecurity: A duty of accuracy or a license for puffery? (this page)
- Reuters articles page at JohnBandler.com (a current list of all my Reuters articles)
- My Reuters author page https://www.reuters.com/authors/john-bandler/
Articles on this website on related topics
- Cyberlaw Book
- SolarWinds breach and the 2023 SEC lawsuit (research jump-off page, with chronology, court filings, etc.) **
- Cyberlaw
- Learning about Cyberlaw
The Reuters article was published on 4/14/2025.
This page is hosted at https://johnbandler.com/statements-about-cybersecurity-accuracy-or-puffery, copyright John Bandler, all rights reserved.
Page created 4/14/2025. Updated 4/15/2025.