6 POLICY Special edition 2023 D&O and Cyber insurers carefully follow legal developments in the relevant jurisdictions, in order to ascertain trends and accordingly the risks entailed in these dynamic classes of businesses which are materially influenced from the legal environment. There have been some recent material decisions and law amendments in Israel that are worth paying attention to. Cyber & Privacy one of the main risks emanating from a cyber incident is a data breach or data leakage which causes the release of sensitive or protected data of third parties who may file class actions claims against the company which was attacked. Such claims are covered in principle under cyber insurance and may result in payment of significant insurance benefits. In a recent court case in Israel, the District Court dismissed a class action against Facebook for cyber incident related data breach setting out some significant principles. The claim related to a security breach discovered by Facebook which reportedly had exposed the personal data of nearly 50 million users. A class action was filed in Israel against Facebook for damage of users as a result of the leakage of their personal data. The Judge dismissed the claim and emphasized that since cyber-attacks became such a common phenomenon, there are no systems which are fully protected against cyber-attacks. While Facebook must take reasonable action to trace attacks and contain them, it does not have a strict liability that no attacks or data breaches occur. It also cannot and should not anticipate every one of the endless possible attacks on its systems. It was further determined that Facebook did not make misrepresentations regarding the level of its security. Given there cannot be an anticipation that Facebook’s systems will be fully protected against attacks, the Judge rejected the allegation that Facebook was negligent, as it is unreasonable for users to expect that there will be no security breaches in its systems, and concluded that an absolutely breachfree security plan is simply impossible. Accordingly, the Judge determined that Facebook did not breach the Privacy Protection Law. This judgment, although is not a binding precednent, sets out a very important defence for companies that are targeted by cyber attacks, against third party claims for breach of the Privacy Protection Law, in cases where the comapany can prove that the level of its security was in line with exepted standards and when the attack was complex. Furthermore, any third party who sues such a company will have to overcome another barrier to prove that the data subjects sustained a real damage, and not a negligable damage. This is an important decision which acknowledges that cyber-attacks are inevitable, that there are no systems which are fully protected against attackers and thus that breach of privacy does not automatically lead to liability of the company whose systems were infiltrated. D&O Liability The court’s consideration when approving a settlement in a derivative claimAn important decision was handed down in January 2023 by the Court of Economic Affairs in Tel-Aviv, in the framework of approval of a settlement agreement of a derivative action. A minority shareholder of an Israeli Bank submitted a Motion to Certify a Derivative Action against the Bank’s D&Os, alleging that they are liable towards the Bank for losses exceeding NIS 1 billion, allegedly sustained by it as a result of the extension of credit to a tycoon. The D&O insurers and the Bank reached a relatively low settlement for a full and final release of the claim, and requested the court’s approval of the settlement, as required under the Law. Despite many objections to the settlements filed by various parties, the court approved the settlement and decided as follows: The Court is not required to fully analyze the chances and the risks of the Derivative Claim when approving a settlement, and it is sufficient that it gains the impression that the settlement took the relevant considerations into account and reflects a just and fair settlement for the benefit of the Bank. The Judge emphasized that under Israeli law, the D&Os enjoy the defence of the Business Judgment Rule. The burden of proof that this defence D&O and Cyber - Updates of Important Developments in Israel By Adv. Sigal Schlimoff, partner at Gross Orad Schlimoff & Co. law office and Lloyd’s representative in Israel And Adv. Maya Salomon - partners at Gross Orad Schlimoff & Co. law office Adv. Sigal Schlimoff Adv. Maya Salomon Continued on page 33
RkJQdWJsaXNoZXIy MjgzNzA=